Email and Web Browser Protections
CIS Control 7
This is a foundational Control.
Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers and email systems.
Why is this CIS Control critical?
Web browsers and email clients are very common points of entry and attack because of their technical complexity, flexibility, and their direct interaction with users and with the other systems and websites. Content can be crafted to entice or spoof users into taking actions that greatly increase risk and allow introduction of malicious code, loss of valuable data, and other attacks. Since these applications are the main means that users interact with untrusted environments, these are potential targets for both code exploitation and social engineering.
- Ensure that only fully supported web browsers and email clients are allowed to execute in the organization, ideally only using the latest version of the browsers and email clients provided by the vendor.
- To lower the chance of spoofed or modified emails from valid domains, implement Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification, starting by implementing the Sender Policy Framework (SPF) and the DomainKeys Identified Mail (DKIM) standards.
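The SPF and DMARC sub-control above is usually verified by reading the TXT records a domain publishes. The following is an added example (not CIS text or tooling) that parses SPF and DMARC records and flags the settings that leave a domain spoofable: a permissive `+all`/`?all` terminator, too many DNS-querying mechanisms, a `p=none` DMARC policy, a partial `pct`, or no `rua` reporting address. The records in `SAMPLE_TXT` are constructed for hypothetical `.invalid` domains; swap in a real DNS lookup (for example `dns.resolver` from dnspython) to assess live domains.

```python
"""Assess published SPF and DMARC records for the posture CIS Control 7 asks for.
Added example; the TXT records below are constructed, not real DNS data."""
import re

# Constructed TXT records keyed by the name they would be looked up under.
# The first domain is configured well; the second shows the weak settings.
SAMPLE_TXT = {
    "example-corp.invalid": [
        "v=spf1 include:_spf.mailhost.invalid ip4:192.0.2.0/24 -all"],
    "_dmarc.example-corp.invalid": [
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example-corp.invalid; pct=100"],
    "weak-corp.invalid": ["v=spf1 include:_spf.mailhost.invalid +all"],
    "_dmarc.weak-corp.invalid": ["v=DMARC1; p=none"],
}

# Mechanisms that each cost one DNS lookup under RFC 7208 (limit is 10).
LOOKUP_MECH = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(:|/|$)", re.I)


def parse_spf(records):
    """Return the SPF terms (everything after 'v=spf1'), or None if absent."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    return spf[0].split()[1:] if spf else None


def spf_findings(terms):
    findings = []
    if terms is None:
        return ["no SPF record published"]
    # The 'all' mechanism decides the fate of senders not listed before it.
    all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append("SPF has no 'all' mechanism; unlisted senders get a neutral result")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("SPF ends in '+all': any host may send as this domain")
        elif qualifier == "?":
            findings.append("SPF ends in '?all': neutral, provides no protection")
        elif qualifier == "~":
            findings.append("SPF ends in '~all': softfail only, relies on receiver policy")
    lookups = sum(1 for t in terms if LOOKUP_MECH.match(t))
    if lookups > 10:
        findings.append(f"SPF needs {lookups} DNS lookups; RFC 7208 limit is 10")
    return findings


def parse_dmarc(records):
    """Return DMARC tags as a dict, or None if no DMARC record is present."""
    dm = [r for r in records if r.lower().startswith("v=dmarc1")]
    if not dm:
        return None
    tags = {}
    for part in dm[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_findings(tags):
    findings = []
    if tags is None:
        return ["no DMARC record published"]
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("DMARC p=quarantine: spoofed mail is filed as spam, not rejected")
    elif policy != "reject":
        findings.append(f"DMARC policy missing or unrecognised: {policy!r}")
    if "rua" not in tags:
        findings.append("DMARC has no rua= address: aggregate reports will not be received")
    pct = tags.get("pct", "100")
    if pct != "100":
        findings.append(f"DMARC pct={pct}: policy applies to only {pct}% of failing mail")
    return findings


def assess_domain(domain, txt=SAMPLE_TXT):
    """Combine SPF and DMARC findings for one domain; an empty list is a pass."""
    spf = spf_findings(parse_spf(txt.get(domain, [])))
    dmarc = dmarc_findings(parse_dmarc(txt.get("_dmarc." + domain, [])))
    return spf + dmarc


if __name__ == "__main__":
    for name in ("example-corp.invalid", "weak-corp.invalid"):
        print(name, assess_domain(name) or ["OK"])
```

The checker treats `p=reject` with a terminal `-all` as the target state; `p=none` is the usual first step when rolling DMARC out, since aggregate reports sent to the `rua` address show which legitimate senders would fail before the policy is tightened.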