This sections covers protections from attacks against the primary attack vector for malicious users and applies to both clients and servers. Implementation Assessment ATP – Safe Attachments, Safe Links, and Anti-Phishing Policies or “All the policies you can shake a stick at” This blog post describes the features of Microsoft’s Advanced Threat Protection (ATP). Australian Cyber Security Centre (ACSC) – Malicious Email Mitigation Strategies This publication describes strategies for mitigating impacts of malicious emails. Avanan – 6 Things You Need to Know About Microsoft Security in Office 365 This article describes various methods to secure Microsoft O365, including email sandboxing. Cybersecurity & Infrastructure Security Agency – Securing Your Web Browser This document provides recommended security practices for designing and operating public Web servers. DISA – Security Technical Information Guide (STIG): Web Server Version 7, Release 1 Checklist Details This link provides a list of Security Technical Implementation Guides (STIGs) for various web server platforms. Indiana University – About Proxy Servers This knowledge base article from Indiana University describes proxy servers. ITProPortal – Kick Suspicious Email Attachments to the Sandbox This article helps the reader to understand how to bridge the gap and add an essential component to any cybersecurity strategy. NIST SP 800-44 Guidelines on Securing Public Web Servers This document provides recommended security practices for designing and operating public Web servers. NIST SP 800-45 Guideline on Electronic Mail Security This document provides recommended security practices for designing and operating email systems. PC Magazine – 6 Ways SMBs Can Avoid an Email Security Nightmare This article describes tips on how small to midsize businesses (SMBs) should approach email security. Tech Target – Email Security Best Practices This article offers some simple tips on securing email from both administrative and end user perspectives. NIST Handbook 162 NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements This Handbook provides a step-by-step guide to assessing a small manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1. NIST SP 800-171A Assessing Security Requirements for Controlled Unclassified Information The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171. US-CERT – Evaluating Your Web Browser’s Security Settings This DHS Security Tip provides information on securely configuring a computer web browser.