STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

SI-8

System and Information IntegrityRev 5organization

Spam Protection

Baselines:ModerateHigh

Control Statement

a. Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and b. Update spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

Supplemental Guidance

System entry and exit points include firewalls, remote-access servers, electronic mail servers, web servers, proxy servers, workstations, notebook computers, and mobile devices. Spam can be transported by different means, including email, email attachments, and web accesses. Spam protection mechanisms include signature definitions.

Related Controls (6)

PL-9SC-5SC-7SC-38SI-3SI-4

CCI Identifiers (7)

CCI-001305The organization employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means.CCI-001306The organization updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.CCI-002741Employ spam protection mechanisms at system entry points to detect and take action on unsolicited messages.CCI-002742Employ spam protection mechanisms at system exit points to detect and take action on unsolicited messages.CCI-005000Update spam protection mechanisms when new releases are available in accordance with organizational configuration management policy.CCI-005001Update spam protection mechanisms when new releases are available in accordance with organizational configuration management procedures.CCI-001677The organization employs spam protection mechanisms at workstations, servers, or mobile computing devices on the network to detect and take action on unsolicited messages transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means.

Linked STIG Checks (1)

Across 1 STIGs. Click to expand.