SI-8: SPAM PROTECTION

TAILORED FOR INDUSTRIAL CONTROL SYSTEMS

  • ICS Control Baselines:
  • Moderate
  • High

The organization:

    • a. Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and
    • b. Updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

SUPPLEMENTAL GUIDANCE

Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, mobile devices, and notebook/laptop computers. Spam can be transported by different means including, for example, electronic mail, electronic mail attachments, and web accesses. Spam protection mechanisms include, for example, signature definitions.

ICS SUPPLEMENTAL GUIDANCE

ICS spam protection may be implemented by removing spam transport mechanisms, functions and services (e.g., electronic mail, Internet access) from the ICS. If any spam transport mechanisms, functions and services are present in the ICS, spam protection in ICS takes into account operational characteristics of ICS that differ from general purpose information systems (e.g., unusual traffic flow that may be misinterpreted and detected as spam). Example compensating controls include whitelist mail transfer agents (MTA), digitally signed messages, acceptable sources, and acceptable message types.

CONTROL ENHANCEMENTS

SI-8 (1) SPAM PROTECTION | CENTRAL MANAGEMENT
  • ICS Control Baselines:
  • Moderate
  • High

The organization centrally manages spam protection mechanisms.

Supplemental Guidance:

Central management is the organization-wide management and implementation of spam protection mechanisms. Central management includes planning, implementing, assessing, authorizing, and monitoring the organization-defined, centrally managed spam protection security controls.

ICS Supplemental Guidance:

Example compensating controls include employing local mechanisms or procedures.

RELATED CONTROLS: SI-8 (1)

SI-8 (2) SPAM PROTECTION | AUTOMATIC UPDATES
  • ICS Control Baselines:
  • Moderate
  • High

The information system automatically updates spam protection mechanisms.

Supplemental Guidance: NONE

No ICS Supplemental Guidance.

SI-8 (3) SPAM PROTECTION | CONTINUOUS LEARNING CAPABILITY

NOT SELECTED FOR THE NIST ICS CONTROL SET

The information system implements spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic.

Supplemental Guidance:

Learning mechanisms include, for example, Bayesian filters that respond to user inputs identifying specific traffic as spam or legitimate by updating algorithm parameters and thereby more accurately separating types of traffic.

REFERENCES:

  • NIST Special Publication 800-45
  • NIST Special Publication 800-82