CMMC Practice Requirement:

Employ spam protection mechanisms at information system access entry and exit points.

CMMC Requirement Explanation:

Spam emails are often malicious. Blocking spam reduces the chance of your users receiving malicious emails.

Example CMMC Implementation:

Implement spam filtering for your email services. Restrict spam from coming into your organization. Restrict your company's email services from being used to send spam (this should be mentioned in your acceptable use agreement). Many cloud-based email services, such as Office 365 Exchange and Gmail, have spam filtering features by default. These can be modified to increase their effectiveness. If the spam filters miss any spam emails, you should manually add them to the filter.


- Scenario 1:

Your company uses Exchange with Office 365 for its email services. You log into the Exchange admin panel to ensure that spam protection is on. As you discover spam emails that were missed by the filter, you manually add them to the spam filter.
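The checks in Scenario 1 can also be run from Exchange Online PowerShell, which leaves output you can keep as assessment evidence. The script below is an added example, not part of the original guidance; it assumes the ExchangeOnlineManagement module is installed, and the admin account and blocked sender address are placeholders.

```powershell
# Added example: review inbound and outbound spam protection in Exchange Online
# and block a sender the filter missed. Placeholders: admin@example.com, spammer@example.net.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

# Entry point: list every inbound anti-spam policy and flag settings that let spam
# reach the inbox (no filing/quarantine action, or allow-listed domains that bypass filtering).
$weakActions = 'NoAction', 'AddXHeader', 'ModifySubject'
Get-HostedContentFilterPolicy | ForEach-Object {
    $allowedDomains = @($_.AllowedSenderDomains).Count
    [pscustomobject]@{
        Policy         = $_.Name
        SpamAction     = [string]$_.SpamAction
        HighConfSpam   = [string]$_.HighConfidenceSpamAction
        BulkThreshold  = $_.BulkThreshold
        AllowedDomains = $allowedDomains
        NeedsReview    = ($weakActions -contains [string]$_.SpamAction) -or
                         ($weakActions -contains [string]$_.HighConfidenceSpamAction) -or
                         ($allowedDomains -gt 0)
    }
} | Format-Table -AutoSize

# A custom policy only applies while its rule is enabled; the default policy has no rule.
Get-HostedContentFilterRule |
    Select-Object Name, State, Priority, HostedContentFilterPolicy |
    Format-Table -AutoSize

# Exit point: outbound limits and the action taken when a mailbox starts sending spam.
Get-HostedOutboundSpamFilterPolicy |
    Select-Object Name, RecipientLimitExternalPerHour, RecipientLimitPerDay,
                  ActionWhenThresholdReached, AutoForwardingMode, NotifyOutboundSpamRecipients |
    Format-List

# Missed spam: add the sender to the tenant block list with an expiry and a note
# so the entry can be reviewed later instead of accumulating indefinitely.
New-TenantAllowBlockListItems -ListType Sender -Block `
    -Entries 'spammer@example.net' `
    -ExpirationDate (Get-Date).AddDays(30) `
    -Notes 'Missed by spam filter; reported by user'

# Confirm the entry is present.
Get-TenantAllowBlockListItems -ListType Sender -Block |
    Select-Object Value, Action, ExpirationDate, Notes

Disconnect-ExchangeOnline -Confirm:$false
```

Any policy where NeedsReview is True should be checked in the admin panel before you record the practice as implemented.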
