CMMC Practice SI.3.219: Implement email forgery protections.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Implement email protections in addition to basic spam protections. Some potential advanced email protections include Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC). SPF uses DNS to publish which servers are allowed to send email for a given domain. DKIM uses asymmetric cryptography to verify the authenticity of an email message and to give the recipient assurance that the message is legitimate. DMARC allows organizations to deploy a combination of DKIM and SPF to further enhance their electronic mail infrastructure by adding linkage to the author ("From:") domain name, publishing policies for how recipients should handle authentication failures, and providing reporting from receivers back to senders, so that protection of the domain from fraudulent email can be improved and monitored.
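To make the linkage between SPF, DKIM and the "From:" domain concrete, here is an added example (not part of CMMC Appendix B) in Python that checks a sender IP against a constructed SPF record and then applies a constructed DMARC record's alignment and policy tags to the SPF/DKIM results a receiver has already computed. The domain names, IP ranges and records are invented, the SPF evaluator handles only ip4 mechanisms, and org_domain is a simplification of the organizational-domain rule (real receivers consult the Public Suffix List).

```python
import ipaddress

# Constructed sample DNS TXT records for a fictitious domain (not real DNS data).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com",
}

def spf_check(sender_ip: str, mail_from_domain: str) -> bool:
    """Minimal SPF: honour ip4 mechanisms only (no include/a/mx); '-all' otherwise."""
    rec = DNS_TXT.get(mail_from_domain, "")
    if not rec.startswith("v=spf1"):
        return False
    ip = ipaddress.ip_address(sender_ip)
    for term in rec.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return True
    return False  # no ip4 mechanism matched, so the trailing '-all' applies

def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' DMARC syntax into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            tags[k.strip()] = v.strip()
    return tags

def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (receivers use the PSL)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_evaluate(from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return (dmarc_pass, policy); dmarc_pass is None when no record is published."""
    rec = DNS_TXT.get("_dmarc." + from_domain.lower())
    if rec is None:
        return None, "none"
    tags = parse_dmarc(rec)
    # DMARC passes if either SPF or DKIM passed AND its domain aligns with "From:".
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    return (spf_ok or dkim_ok), tags.get("p", "none")
```

A message whose SPF and DKIM both pass for some other domain still fails DMARC, because neither identifier aligns with the "From:" domain; that alignment check is what stops a forged "From:" header from riding on a legitimately authenticated third-party domain.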