Control: The organisation:
Spam Protection Supplemental Guidance:
Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, mobile devices, and notebook/laptop computers. Spam can be transported by different means including, for example, electronic mail, electronic mail attachments, and web accesses. Spam protection mechanisms include, for example, signature definitions.
Spam Protection Control Enhancements:
SI-8 (1) Spam Protection - Central Management
The organisation centrally manages spam protection mechanisms.
Supplemental Guidance: Central management is the organisation-wide management and implementation of spam protection mechanisms. Central management includes planning, implementing, assessing, authorising, and monitoring the organisation-defined, centrally managed spam protection security controls.
SI-8 (2) Spam Protection - Automatic Updates
The information system automatically updates spam protection mechanisms.
SI-8 (3) Spam Protection - Continuous Learning Capability
The information system implements spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic.
Supplemental Guidance: Learning mechanisms include, for example, Bayesian filters that respond to user inputs identifying specific traffic as spam or legitimate by updating algorithm parameters and thereby more accurately separating types of traffic.