CIS Control 7: Email and Web Browser Protections


By Bill Minahan   |   March 2, 2021   |   0 Comments


What is CIS Control 7?

The CIS Controls are a set of actions that protect your organization from the most pervasive cyber attacks. There are 20 total critical controls that prioritize the most essential actions your organization can take in order to gain the highest pay-off results.

CIS Control 7 focuses on minimizing the attack surface and opportunities for attackers to manipulate human behavior through their interaction with web browsers and email systems.

Why is this CIS Control Critical?

The CIS Controls are based on actionable guidance derived from today’s biggest threats and formed by the consensus of the world’s leading experts across a variety of sectors.

CIS Control 7 is critical because web browsers and email clients are common points of entry and attack. This is due to their technical complexity, their flexibility, and their direct interaction with users and with other systems and websites. As a result, they form an important attack surface for every organization to consider and secure.

For instance, content can be crafted to entice or spoof users into taking actions that threaten the organization and increase overall risk. In most cases, these risks take the form of malicious code, loss of valuable data, and other attacks.

Since these applications are the main means by which users interact with untrusted environments, they are potential targets for both code exploitation and social engineering.

How to Implement CIS Control 7

Each sub-control is listed below with its number, control title, asset type, security function, and description.

7.1 – Ensure Use of Only Fully Supported Browsers and Email Clients
Asset Type: Applications | Security Function: Protect
Ensure that only fully supported web browsers and email clients can execute in the organization, ideally only using the latest version of the browsers and email clients provided by the vendor.

7.2 – Disable Unnecessary or Unauthorized Browser or Email Client Plugins
Asset Type: Applications | Security Function: Protect
Uninstall or disable any unauthorized browser or email client plugins or add-on applications.

7.3 – Limit Use of Scripting Languages in Web Browsers and Email Clients
Asset Type: Applications | Security Function: Protect
Ensure that only authorized scripting languages are able to run in all web browsers and email clients.

7.4 – Maintain and Enforce Network-Based URL Filters
Asset Type: Network | Security Function: Protect
Enforce network-based URL filters that limit a system’s ability to connect to websites not approved by the organization. This filtering shall be enforced for each of the organization’s systems, whether they are physically at an organization’s facilities or not.

7.5 – Subscribe to URL Categorization Service
Asset Type: Network | Security Function: Protect
Subscribe to URL-categorization services to ensure that they are up-to-date with the most recent website category definitions available. Uncategorized sites shall be blocked by default.

7.6 – Log All URL Requests
Asset Type: Network | Security Function: Detect
Log all URL requests from each of the organization’s systems, whether on-site or a mobile device, in order to identify potentially malicious activity and assist incident handlers with identifying potentially compromised systems.

7.7 – Use of DNS Filtering Services
Asset Type: Network | Security Function: Protect
Use Domain Name System (DNS) filtering services to help block access to known malicious domains.

7.8 – Implement DMARC and Enable Receiver-Side Verification
Asset Type: Network | Security Function: Protect
To lower the chance of spoofed or modified emails from valid domains, implement a Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification, starting by implementing the Sender Policy Framework (SPF) and the DomainKeys Identified Mail (DKIM) standards.

7.9 – Block Unnecessary File Types
Asset Type: Network | Security Function: Protect
Block all email attachments entering the organization’s email gateway if the file types are unnecessary for the organization’s business.

7.10 – Sandbox All Email Attachments
Asset Type: Network | Security Function: Protect
Use sandboxing to analyze and block inbound email attachments with malicious behavior.
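As an added example (not from the original post and not CIS material), here is a small Python review of a domain's SPF and DMARC TXT records against sub-control 7.8. The records are constructed samples for a hypothetical example.com; a real check would fetch them from DNS. The weak records sit beside hardened versions so the findings can be compared.

```python
# Constructed sample TXT records for a hypothetical domain. In practice the
# SPF record is read from example.com and the DMARC record from
# _dmarc.example.com via DNS; no network lookups are made here.
SPF_WEAK = "v=spf1 include:_spf.mail.example.net ~all"
SPF_HARDENED = "v=spf1 include:_spf.mail.example.net -all"
DMARC_WEAK = "v=DMARC1; p=none; pct=50"
DMARC_HARDENED = ("v=DMARC1; p=reject; pct=100; adkim=s; aspf=s; "
                  "rua=mailto:dmarc-reports@example.com")


def parse_dmarc(record):
    """Split a DMARC TXT record into lowercase tag -> value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def review_email_auth(spf, dmarc):
    """Return the gaps between these records and an enforced 7.8 posture."""
    findings = []

    # SPF: the terminal 'all' mechanism decides what happens to unlisted senders.
    spf_terms = spf.lower().split()
    if not spf_terms or spf_terms[0] != "v=spf1":
        findings.append("SPF: record missing or not v=spf1")
    elif spf_terms[-1] == "+all":
        findings.append("SPF: '+all' authorises every sender")
    elif spf_terms[-1] != "-all":
        findings.append("SPF: terminal mechanism %s is not a hard fail" % spf_terms[-1])

    # DMARC: p=none only monitors; quarantine or reject actually enforces.
    tags = parse_dmarc(dmarc)
    policy = tags.get("p", "")
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("DMARC: record missing or not v=DMARC1")
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC: p=%s does not act on spoofed mail" % (policy or "<unset>"))
    if tags.get("pct", "100") != "100":
        findings.append("DMARC: pct=%s leaves part of the mail stream unenforced" % tags["pct"])
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so no aggregate reports are received")
    return findings


if __name__ == "__main__":
    print("weak:", review_email_auth(SPF_WEAK, DMARC_WEAK))
    print("hardened:", review_email_auth(SPF_HARDENED, DMARC_HARDENED))
```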

Implementing CIS Control 7

If your team is struggling to implement CIS Control 7 and could use the assistance of a third-party security provider, aNetworks is here to help. Our team of experts can assist with whatever level of service you require, from consulting to complete implementation.

If you are interested in learning more about CIS Controls, view our comprehensive list here.

If you are interested, then please contact us below.


Furthermore, if you are looking for more information, check out our resource center here.

Finally, you can always find us on Twitter, LinkedIn, and Facebook.
