Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Insights to Control Framework Mapping: Email Configurations

Ingrid

Refer to the following Email Configurations insights and assessments and how they're mapped to CIS v7 and CIS v8 controls for Control Insights:

No Email Service Misconfigurations

The lack of email service misconfigurations indicates effective control and secure email server configurations

The ratio of events of type [DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] by type [DKIM Good Record, Good SPF Finding, Good DMARC Record, DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] is below 10.0%

Assessment

insight-effective.png Positive

Observations

CIS v8 Controls CIS v7 Controls

Controls

  • 4 Secure Configuration of Enterprise Assets and Software
  • 9 Email and Web Browser Protections

Safeguards

  • 4.1 Establish and Maintain a Secure Configuration Process
  • 4.10 Enforce Automatic Device Lockout on Portable End-User Devices
  • 9.5 Implement DMARC
  • 9.6 Block Unnecessary File Types

Controls

  • 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
  • 7 Email and Web Browser Protections

Safeguards

  • 5.1 Establish Secure Configurations
  • 5.2 Maintain Secure Images
  • 5.4 Deploy System Configuration Management Tools
  • 5.5 Implement Automated Configuration Monitoring Systems
  • 7.6 Log All URL requester
  • 7.7 Use of DNS Filtering Services
  • 7.8 Implement DMARC and Enable Receiver-Side Verification
  • 7.9 Block Unnecessary File Types
  • 7.10 Sandbox All Email Attachments

Email Service Misconfigurations

The presence of email service misconfigurations suggests ineffective control and insecure email server configurations

The ratio of events of type [DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] by type [DKIM Good Record, Good SPF Finding, Good DMARC Record, DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] is above 20.0%

Assessment

x Negative

Observations

CIS v8 Controls CIS v7 Controls

Controls

  • 4 Secure Configuration of Enterprise Assets and Software
  • 9 Email and Web Browser Protections

Safeguards

  • 4.1 Establish and Maintain a Secure Configuration Process
  • 4.10 Enforce Automatic Device Lockout on Portable End-User Devices
  • 9.5 Implement DMARC
  • 9.6 Block Unnecessary File Types

Controls

  • 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
  • 7 Email and Web Browser Protections

Safeguards

  • 5.1 Establish Secure Configurations
  • 5.2 Maintain Secure Images
  • 5.4 Deploy System Configuration Management Tools
  • 5.5 Implement Automated Configuration Monitoring Systems
  • 7.4 Maintain and Enforce Network-Based URL Filters
  • 7.8 Implement DMARC and Enable Receiver-Side Verification
  • 7.9 Block Unnecessary File Types
  • 7.10 Sandbox All Email Attachments
  • April 3, 2025: Published.

Related articles

Feedback

0 comments

Please sign in to leave a comment.