CIS Control 7: Email and Web Browser Protections
Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers and email systems.
Why is this CIS Control Critical?
Web browsers and email clients are very common points of entry and attack because of their technical complexity, flexibility, and their direct interaction with users and with other systems and websites. Content can be crafted to entice or spoof users into taking actions that greatly increase risk and allow the introduction of malicious code, loss of valuable data, and other attacks. Since these applications are the main means by which users interact with untrusted environments, they are potential targets for both code exploitation and social engineering.
- 7.1: Ensure Use of Only Fully Supported Browsers and Email Clients
- 7.2: Disable Unnecessary or Unauthorized Browser or Email Client Plugins
- 7.3: Limit Use of Scripting Languages in Web Browsers and Email Clients
- 7.4: Maintain and Enforce Network-Based URL Filters
- 7.5: Subscribe to URL-Categorization Service
- 7.6: Log All URL Requests
- 7.7: Use of DNS Filtering Services
- 7.8: Implement DMARC and Enable Receiver-Side Verification
- 7.9: Block Unnecessary File Types
- 7.10: Sandbox All Email Attachments
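Receiver-side DMARC verification (sub-control 7.8) in working form, as an added example that is not part of the CIS page: it parses a published DMARC record, checks DKIM/SPF identifier alignment against the From domain under relaxed or strict mode, and returns the disposition a receiver should apply. The record, domains and authentication results are constructed, and the organizational-domain logic is a stated simplification.

```python
# Added example: receiver-side DMARC evaluation (CIS sub-control 7.8).
# Not CIS code; the record, domains and authentication results are constructed.

def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record like 'v=DMARC1; p=reject; adkim=s' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    tags.setdefault("adkim", "r")          # DKIM alignment: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")           # SPF alignment mode
    tags.setdefault("sp", tags["p"])       # subdomain policy defaults to p
    return tags

def org_domain(domain: str) -> str:
    """Simplification: last two labels. Real receivers consult the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment between an authenticated domain and the RFC5322.From domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(record: str, policy_domain: str, from_domain: str,
             dkim_pass_domains=(), spf_pass_domain=None) -> str:
    """Return 'pass', or the disposition ('none', 'quarantine', 'reject') to apply.

    dkim_pass_domains: d= values of DKIM signatures that verified.
    spf_pass_domain:   MAIL FROM domain if SPF returned pass, else None.
    policy_domain:     domain at which the DMARC record was published.
    (pct= sampling is ignored in this example.)
    """
    tags = parse_dmarc(record)
    dkim_ok = any(aligned(d, from_domain, tags["adkim"]) for d in dkim_pass_domains)
    spf_ok = spf_pass_domain is not None and aligned(spf_pass_domain, from_domain, tags["aspf"])
    if dkim_ok or spf_ok:
        return "pass"
    is_subdomain = from_domain.lower() != policy_domain.lower()
    return tags["sp"] if is_subdomain else tags["p"]

if __name__ == "__main__":
    rec = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r"   # constructed record
    # SPF passed for an unrelated domain: no alignment, so the p=reject policy applies.
    print(evaluate(rec, "example.com", "example.com", spf_pass_domain="attacker.example"))
```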