UCF STIG Viewer Logo



Number Title Impact Priority Subject Area
SI-8 Spam Protection MODERATE P2 System And Information Integrity

The organization:
Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and
Updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.
Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, mobile devices, and notebook/laptop computers. Spam can be transported by different means including, for example, electronic mail, electronic mail attachments, and web accesses. Spam protection mechanisms include, for example, signature definitions.

SI-8 (1) Central Management MODERATE
Central management is the organization-wide management and implementation of spam protection mechanisms. Central management includes planning, implementing, assessing, authorizing, and monitoring the organization-defined, centrally managed spam protection security controls.

The organization centrally manages spam protection mechanisms.

SI-8 (2) Automatic Updates MODERATE

The information system automatically updates spam protection mechanisms.

SI-8 (3) Continuous Learning Capability
Learning mechanisms include, for example, Bayesian filters that respond to user inputs identifying specific traffic as spam or legitimate by updating algorithm parameters and thereby more accurately separating types of traffic.

The information system implements spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic.