Email Security
Protect against email-borne threats.
9 of 9 frameworks cover this control
Framework Mappings
How Email Security maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | PR.IR-01 |
| ISO 27001 | Covered | A.8.7, A.8.23 |
| CIS v8 | Covered | CIS 9.6, CIS 9.7 |
| SOC 2 | Covered | CC6.8 |
| PCI DSS | Covered | 5.2.1 |
| CMMC | Covered | SI.L2-3.14.5 |
| 800-53 | Covered | SI-3, SI-8 |
| HIPAA | Covered | §164.308(a)(5)(ii)(A), §164.312(e)(1) |
| GDPR | Covered | Art.32(1)(b) |
About Email Security
Email Security is a cybersecurity control in the Protect domain that protects against email-borne threats. Email security controls defend against phishing, business email compromise (BEC), malware delivery, and spam, which remain the most common initial attack vectors for cyber breaches. Implementation includes deploying email filtering gateways, configuring SPF, DKIM, and DMARC records to prevent domain spoofing, sandboxing attachments, and enabling URL rewriting to inspect links at click time. Organizations should combine technical controls with regular phishing simulation exercises and clear procedures for employees to report suspicious messages to the security team.
This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.