CIS Control 9: Email and Web Browser Protections

Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement.

Why is this CIS Control Critical?

Web browsers and email clients are very common points of entry for attackers because of their direct interaction with users inside an enterprise. Content can be crafted to entice or spoof users into disclosing credentials, providing sensitive data, or providing an open channel to allow attackers to gain access, thus increasing risk to the enterprise. Since email and web are the main means that users interact with external and untrusted users and environments, these are prime targets for both malicious code and social engineering. Additionally, as enterprises move to web-based email, or mobile email access, users no longer use traditional full-featured email clients, which provide embedded security controls like connection encryption, strong authentication, and phishing reporting buttons.

• 9.1: Ensure Use of Only Fully Supported Browsers and Email Clients
• 9.2: Use DNS Filtering Services
• 9.3: Maintain and Enforce Network-Based URL Filters
• 9.4: Restrict Unnecessary or Unauthorized Browser and Email Client Extensions
• 9.5: Implement DMARC
• 9.6: Block Unnecessary File Types
• 9.7: Deploy and Maintain Email Server Anti-Malware Protections