Page last updated:

PCF Compliance

Compliance with this requirement is the responsibility of the PCF deployer.

Control Description

The organization:

  1. Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and
  2. Updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

Supplemental Guidance

Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, mobile devices, and notebook/laptop computers. Spam can be transported by different means including, for example, electronic mail, electronic mail attachments, and web accesses. Spam protection mechanisms include, for example, signature definitions.