GRCWatch
Sign inStart free trial

CIS Control 9.7: Deploy and Maintain Email Server Anti-Malware Protections

Email remains the primary attack vector for malware delivery to organizations. CIS Control 9.7 requires deployment of anti-malware protections on email servers to detect and block threats before they reach end users. Proper implementation of attachment scanning and sandboxing significantly reduces your organization's exposure to email-based attacks.

What this means

This control mandates that organizations implement and continuously maintain anti-malware solutions specifically designed for email servers. The protections must include attachment scanning to detect malicious files and sandboxing capabilities that execute suspicious attachments in isolated environments to identify hidden threats. Regular updates and monitoring ensure these defenses remain effective against evolving malware variants.

How to comply

  1. 1.Select and deploy an email server anti-malware solution with built-in attachment scanning capabilities
  2. 2.Configure automatic scanning of all incoming and outgoing email attachments
  3. 3.Enable sandboxing features to detonate and analyze suspicious attachments in isolated environments
  4. 4.Set up real-time malware signature updates from your security vendor
  5. 5.Configure quarantine rules for detected malicious attachments
  6. 6.Monitor scanning logs and quarantine reports for threats
  7. 7.Regularly test anti-malware effectiveness with safe test files
  8. 8.Document all anti-malware policies, configurations, and maintenance activities

Evidence auditors look for

  • Email gateway anti-malware configuration documentation and screenshots
  • Attachment scanning policy settings and enabled features
  • Sandbox detection and detonation logs showing analysis of suspicious files
  • Malware signature update logs demonstrating current definitions
  • Quarantine reports with detected threats and remediation actions
  • Anti-malware solution vendor documentation and licensing records
  • Email security testing results and threat detection reports
  • Change logs showing updates and maintenance of anti-malware systems

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates collection of email anti-malware logs, scanning reports, and update records from your server, eliminating manual evidence gathering for CIS 9.7 audits.

See how GRCWatch handles this control automatically

Start free trial

Related controls

CIS Control 9.1 - Designate and Maintain Email and Web Content FilteringCIS Control 9.2 - Enforce Email Security SettingsCIS Control 10.5 - Allowlist Use of Libraries, Utilities, Compiler, and InterpretersCIS Control 13.2 - Enable Malware Scanning