Audit Log Management
Level 2
Collect URL request audit logs on enterprise assets, where appropriate and supported.
Audit Log Management
Level 2
Collect command-line audit logs. Example implementations include collecting audit logs from PowerShell®, BASH™, and remote administrative terminals.
Audit Log Management
Level 2
Centralize, to the extent possible, audit log collection and retention across enterprise assets.
Email and Web Browser Protections
Ensure only fully supported browsers and email clients are allowed to execute in the enterprise, only using the latest version of browsers and email clients provided through the vendor.
Email and Web Browser Protections
Level 1
Use DNS filtering services on all enterprise assets to block access to known malicious domains.
Email and Web Browser Protections
Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
Email and Web Browser Protections
Restrict, either through uninstalling or disabling, any unauthorized or unnecessary browser or email client plugins, extensions, and add-on applications.
Email and Web Browser Protections
Level 2
To lower the chance of spoofed or modified emails from valid domains, implement DMARC policy and verification, starting with implementing the Sender Policy Framework (SPF) and the DomainKeys Identified Mail (DKIM) standards.
Email and Web Browser Protections
Level 2
Block unnecessary file types attempting to enter the enterprise’s email gateway.
Email and Web Browser Protections
Deploy and maintain email server anti-malware protections, such as attachment scanning and/or sandboxing.
