To lower the chance of spoofed or modified emails from valid domains, implement DMARC policy and verification, starting with implementing the Sender Policy Framework (SPF) and the DomainKeys Identified Mail (DKIM) standards. Restrict, either through uninstalling or disabling, any unauthorized or unnecessary browser or email client plugins, extensions, and add-on applications. 9.4: Restrict Unnecessary or Unauthorized Browser and Email Client Extensions Enforce filters for all enterprise assets. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. 9.3: Maintain and Enforce Network-Based URL FiltersĮnforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Use DNS filtering services on all enterprise assets to block access to known malicious domains. Subcontrols 9.1: Ensure Use of Only Fully Supported Browsers and Email ClientsĮnsure only fully supported browsers and email clients are allowed to execute in the enterprise, only using the latest version of browsers and email clients provided through the vendor. Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement.
0 kommentar(er)
