7.10: Sandbox All Email Attachments
Use sandboxing to analyze and block inbound email attachments with malicious behavior.
Asset Type | Security Function | Implementation Groups |
---|---|---|
Network | Protect | 3 |
Dependencies
Sub-control 2.1: Maintain Inventory of Authorized Software
Inputs
The list of authorized software
Operations
Enumerate all e-mail servers in the enterprise
For each identified e-mail server, examine its configuration to ensure that either native attachment sandboxing is configured or that an external system is configured to be used for that purpose, noting appropriately and inappropriately configured servers
Assumptions
The majority of e-mail servers have appropriate configuration attributes to examine.
Measures
M1 = List of all e-mail servers in the enterprise
M2 = List of appropriately configured e-mail servers
M3 = List of inappropriately configured e-mail servers
M4 = Count of all e-mail servers in the enterprise (count of M1)
M5 = Count of appropriately configured e-mail servers (count of M2)
M6 = Count of inappropriately configured e-mail servers (count of M3)
Metrics
Coverage
Metric | The ratio of appropriately configured e-mail servers to the total number of e-mail servers |
Calculation | |
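The operations and measures above, carried out over a constructed inventory, as an added example that is not part of the specification. The `MailServer` record and its fields are hypothetical; requiring an external sandbox to appear in the authorized software list, and counting servers whose configuration cannot be examined as inappropriately configured, are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class MailServer:                      # hypothetical record, one per enumerated server
    host: str
    native_sandbox: Optional[bool]     # None = attribute could not be examined
    external_sandbox: Optional[str]    # product attachments are handed to, if any

def assess(servers, authorized_software):
    """Compute measures M1-M6 and the coverage ratio for sub-control 7.10."""
    m2, m3 = [], []
    for s in servers:
        # Assumption: an external sandbox only counts if it is authorized software.
        external_ok = s.external_sandbox in authorized_software
        if s.native_sandbox is True or external_ok:
            m2.append(s.host)
        else:
            # Assumption: unexaminable servers are counted as inappropriate,
            # so that M5 + M6 always equals M4.
            m3.append(s.host)
    m1 = [s.host for s in servers]
    return {
        "M1": m1, "M2": m2, "M3": m3,
        "M4": len(m1), "M5": len(m2), "M6": len(m3),
        # Coverage as the Metric row describes it; undefined with no servers.
        "coverage": len(m2) / len(m1) if m1 else None,
    }

# Constructed sample data (not from the specification).
AUTHORIZED = {"ExampleMTA 4.2", "ExampleSandbox 1.0"}
SERVERS = [
    MailServer("mx1.example.internal", True, None),
    MailServer("mx2.example.internal", False, "ExampleSandbox 1.0"),
    MailServer("mx3.example.internal", False, "UnlistedSandbox 0.9"),
    MailServer("mx4.example.internal", None, None),
]

if __name__ == "__main__":
    result = assess(SERVERS, AUTHORIZED)
    for key, value in result.items():
        print(key, "=", value)
```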