Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers and email systems.
Why is this CIS Control critical?
Web browsers and email clients are very common points of entry and attack because of their high technical complexity and flexibility, and because they interact directly with users and with other systems and websites. Content can be crafted to entice or spoof users into taking actions that greatly increase risk and allow the introduction of malicious code, loss of valuable data, and other attacks.
- Ensure that only fully supported web browsers and email clients are allowed to execute in the organization, ideally only the latest version of the browser provided by the vendor, in order to take advantage of the latest security functions and fixes.
- Uninstall or disable any unnecessary or unauthorized browser or email client plugins or add-on applications. Each plugin shall utilize application/URL whitelisting and only allow the use of the application for pre-approved domains.
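As an added example (not part of the CIS text), the second safeguard expressed as a Chrome/Chromium ExtensionSettings enterprise policy: every extension is blocked by default, and a single pre-approved extension may be installed but can only interact with the listed hosts. EXTENSION_ID_PLACEHOLDER stands for the extension's real store ID, the example.com host patterns are constructed, and the "*://*" default-deny pattern is assumed to match all hosts.

```json
{
  "ExtensionSettings": {
    "*": {
      "installation_mode": "blocked",
      "blocked_install_message": "Browser extensions require approval from IT Security (CIS Control 7.2)."
    },
    "EXTENSION_ID_PLACEHOLDER": {
      "installation_mode": "allowed",
      "minimum_version_required": "1.0.0",
      "runtime_blocked_hosts": ["*://*"],
      "runtime_allowed_hosts": [
        "https://intranet.example.com",
        "https://*.tickets.example.com"
      ]
    }
  }
}
```

On Linux this file goes under /etc/opt/chrome/policies/managed/; on Windows and macOS the same keys are delivered through the registry or a configuration profile, and chrome://policy shows whether the policy was applied.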