CMMC Practice Requirement:

Implement email forgery protections.

CMMC Requirement Explanation:

Sender Policy Framework (SPF) specifices which servers are allowed to send email from your domain ( Domain Keys Identified Mail (DKIM) verifies the authenticity of an email message to a recipient. Domain-based Message Authentication, Reporting, and Conformance (DMARC) combines SPF and DKIM by specifying policies.

Example CMMC Implementation:

Implement SPF, DMARC, and DKIM on your email domain (e.g.


- Scenario 1:

Your company uses Office 365 Exchange for its email services. You visit Microsoft's website and follow the guidance for enabling SPF, DKIM, and DMARC.

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance