CMMC Practice Requirement:

Implement email forgery protections.

CMMC Requirement Explanation:

Sender Policy Framework (SPF) specifices which servers are allowed to send email from your domain (@mycompany.com). Domain Keys Identified Mail (DKIM) verifies the authenticity of an email message to a recipient. Domain-based Message Authentication, Reporting, and Conformance (DMARC) combines SPF and DKIM by specifying policies.

Example CMMC Implementation:

Implement SPF, DMARC, and DKIM on your email domain (e.g. @mycompany.com).

Scenario(s):

- Scenario 1:

Your company uses Office 365 Exchange for its email services. You visit Microsoft's website and follow the guidance for enabling SPF, DKIM, and DMARC.
 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance