Unauthorized information processing activities occur undetected due to lack of consistent logging and monitoring activities.
The organization:
a. Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and
b. Updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.
A spam filter is active on the organization email system.
No statewide control
Obtain system and information integrity policy; procedures addressing spam protection; information system design documentation; spam protection mechanisms; information system configuration settings and associated documentation; other relevant documents or records and ascertain if :
(I)the information system implements spam protection by verifying that the organization:
-employs spam protection mechanisms at critical information system entry points and at workstations, servers, or mobile computing devices on the network.
-employs spam protection mechanisms to detect and take appropriate action on unsolicited messages transported by electronic mail, electronic mail attachments, Internet accesses, or other common means.
