Insights to Control Framework Mapping: Email Configurations

Ingrid

Refer to the following Email Configurations insights and assessments and how they're mapped to CIS v7 and CIS v8 controls for Control Insights:

No Email Service Misconfigurations

The lack of email service misconfigurations indicates effective control and secure email server configurations.

The ratio of events of type [DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] by type [DKIM Good Record, Good SPF Finding, Good DMARC Record, DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] is below 10.0%.

Assessment: Positive

Observations:
- SPF Domains
- DKIM Records

CIS v8 Controls

Controls:
- 4 Secure Configuration of Enterprise Assets and Software
- 9 Email and Web Browser Protections

Safeguards:
- 4.1 Establish and Maintain a Secure Configuration Process
- 4.10 Enforce Automatic Device Lockout on Portable End-User Devices
- 9.5 Implement DMARC
- 9.6 Block Unnecessary File Types

CIS v7 Controls

Controls:
- 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
- 7 Email and Web Browser Protections

Safeguards:
- 5.1 Establish Secure Configurations
- 5.2 Maintain Secure Images
- 5.4 Deploy System Configuration Management Tools
- 5.5 Implement Automated Configuration Monitoring Systems
- 7.6 Log All URL Requests
- 7.7 Use of DNS Filtering Services
- 7.8 Implement DMARC and Enable Receiver-Side Verification
- 7.9 Block Unnecessary File Types
- 7.10 Sandbox All Email Attachments

Email Service Misconfigurations

The presence of email service misconfigurations suggests ineffective control and insecure email server configurations.

The ratio of events of type [DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] by type [DKIM Good Record, Good SPF Finding, Good DMARC Record, DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] is above 20.0%.

Assessment: Negative

Observations:
- SPF Domains
- DKIM Records

CIS v8 Controls

Controls:
- 4 Secure Configuration of Enterprise Assets and Software
- 9 Email and Web Browser Protections

Safeguards:
- 4.1 Establish and Maintain a Secure Configuration Process
- 4.10 Enforce Automatic Device Lockout on Portable End-User Devices
- 9.5 Implement DMARC
- 9.6 Block Unnecessary File Types

CIS v7 Controls

Controls:
- 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
- 7 Email and Web Browser Protections

Safeguards:
- 5.1 Establish Secure Configurations
- 5.2 Maintain Secure Images
- 5.4 Deploy System Configuration Management Tools
- 5.5 Implement Automated Configuration Monitoring Systems
- 7.4 Maintain and Enforce Network-Based URL Filters
- 7.8 Implement DMARC and Enable Receiver-Side Verification
- 7.9 Block Unnecessary File Types
- 7.10 Sandbox All Email Attachments

April 3, 2025: Published.