The organization must employ malicious code protection mechanisms at workstations, servers, or mobile computing devices on the network to detect and take action on unsolicited messages transported by electronic mail, electronic mail attachments, and web accesses.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-27143 | SRG-APP-NA | SV-34442r1_rule | Medium |
| Description |
|---|
| Senders of SPAM messages are continually modifying their tactics and source email addresses in order to elude protection mechanisms. To stay up-to-date with the changing threat and to identify SPAM messages, it is critical that SPAM protection mechanisms are kept current. Unsolicited email messages otherwise known as SPAM are known to be one of the primary vectors for the propagation of many types of attacks including phishing attacks. SPAM and malware protection techniques include examining email messages, files, and web traffic at border gateways or proxies to determine if the traffic contains SPAM or some other type of malware. This is a requirement to utilize SPAM prevention and anti-virus/malware software on workstations, servers, and laptops. This requirement does not apply to applications. |
| STIG | Date |
|---|---|
| Application Security Requirements Guide | 2011-12-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (None) |
|---|
| None |