Email and Web Browser Protections
Restrict, either through uninstalling or disabling, any unauthorized or unnecessary browser or email client plugins, extensions, and add-on applications.
Email and Web Browser Protections
Level 2
To lower the chance of spoofed or modified emails from valid domains, implement DMARC policy and verification, starting with implementing the Sender Policy Framework (SPF) and the DomainKeys Identified Mail (DKIM) standards.
Email and Web Browser Protections
Level 2
Block unnecessary file types attempting to enter the enterprise’s email gateway.
Email and Web Browser Protections
Deploy and maintain email server anti-malware protections, such as attachment scanning and/or sandboxing.
Malware Defenses
Deploy and maintain anti-malware software on all enterprise assets.
Malware Defenses
Configure automatic updates for anti-malware signature files on all enterprise assets.
Malware Defenses
Disable autorun and autoplay auto-execute functionality for removable media.
Malware Defenses
Configure anti-malware software to automatically scan removable media.
Malware Defenses
Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
Malware Defenses
Centrally manage anti-malware software.
