Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system automatically updates spam protection mechanisms.
NIST 800-53 (r4) Supplemental Guidance:
None
NIST 800-53 (r5) Discussion:
Using automated mechanisms to update spam protection mechanisms helps to ensure that updates occur on a regular basis and provide the latest content and protection capabilities.
38North Guidance:
Meets Minimum Requirement:
If the system will be allowing inbound emails, CSP should automatically update spam protection mechanisms.
This control is not applicable if the system does not accept any inbound email and here are no email servers or components that are able to carry a spam payload within scope of the system.
Best Practice: None
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Automated mechanisms supporting and/or implementing updates to spam protection.
If marked N/A, 3PAO will inspect the information system, firewall rulesets, etc. to confirm the cloud service offering does not allow inbound emails.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse