NIST 800-53 r5 · Controls catalogue · Family SI
SI-8 Spam Protection
a. Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and
b. Update spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (20)
- T1137 Office Application Startup (Persistence)
- T1137.001 Office Template Macros (Persistence)
- T1137.002 Office Test (Persistence)
- T1137.003 Outlook Forms (Persistence)
- T1137.004 Outlook Home Page (Persistence)
- T1137.005 Outlook Rules (Persistence)
- T1137.006 Add-ins (Persistence)
- T1204 User Execution (Execution)
- T1204.001 Malicious Link (Execution)
- T1204.002 Malicious File (Execution)
- T1204.003 Malicious Image (Execution)
- T1221 Template Injection (Stealth)
- T1566 Phishing (Initial Access)
- T1566.001 Spearphishing Attachment (Initial Access)
- T1566.002 Spearphishing Link (Initial Access)
- T1566.003 Spearphishing via Service (Initial Access)
- T1598 Phishing for Information (Reconnaissance)
- T1598.001 Spearphishing Service (Reconnaissance)
- T1598.002 Spearphishing Attachment (Reconnaissance)
- T1598.003 Spearphishing Link (Reconnaissance)
Weaknesses this control addresses (6)
CWEs ranked by how often they appear in real CVEs. The rationale column (marked AI on the page) describes how this control reduces the exploitability of each weakness class; treat it as a compensating-control argument, not as evidence that the weakness itself is fixed.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-20 | Improper Input Validation | 13,143 | Spam protection inspects inbound and outbound message content, headers and attachments before they reach the receiving client or application, so malformed or malicious input can be dropped or quarantined even where downstream validation is weak. This compensates for, but does not remove, the underlying validation flaw. |
| CWE-400 | Uncontrolled Resource Consumption | 3,324 | Blocking or throttling unsolicited messages at entry and exit points prevents attackers from flooding mail queues, storage, or content-scanning resources. |
| CWE-770 | Allocation of Resources Without Limits or Throttling | 1,979 | The control enforces limits on message volume and unsolicited traffic (per-sender and per-connection rate limits, size limits), reducing the impact of resource allocations that the receiving system does not throttle itself. |
| CWE-693 | Protection Mechanism Failure | 476 | Requiring spam mechanisms to be deployed and updated on a defined schedule prevents the absence or obsolescence of a protection mechanism that attackers could otherwise bypass. |
| CWE-184 | Incomplete List of Disallowed Inputs | 110 | Spam filters rely on evolving blocklists, signatures, and heuristics for disallowed message patterns; keeping them updated under part (b) of the control directly mitigates incomplete disallowed-input lists. |
| CWE-799 | Improper Control of Interaction Frequency | 67 | Spam protection explicitly controls interaction frequency by detecting and acting on bulk unsolicited messages from external sources. |
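As an added example, not part of this catalogue or of any product, the following inbound-gateway policy shows what "detect and act on unsolicited messages at system entry points" looks like in code, tied to the techniques and weaknesses above: DMARC verdicts from the Authentication-Results header (T1566), macro-enabled Office attachments (T1137.001, T1204.002), links with IP-literal or punycode hosts (T1566.002, T1204.001), and a per-sender sliding-window rate limit (CWE-400, CWE-770, CWE-799). The thresholds, extension list and sample messages are constructed for illustration; only standard-library modules are used.

```python
# Editor-added example: a minimal inbound mail-gateway policy for SI-8(a).
# Not part of this catalogue or any product. Thresholds and samples are
# constructed for illustration; tune them to your environment.
import os
import re
import time
from collections import defaultdict, deque
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Hypothetical policy knobs.
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xlam"}  # macro-enabled Office
PER_SENDER_LIMIT = 3   # messages per sender per window (CWE-770/799)
WINDOW_SECONDS = 60
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


class SenderRateLimiter:
    """Sliding-window count of messages per sender (CWE-400/770/799)."""

    def __init__(self, limit=PER_SENDER_LIMIT, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self._hits = defaultdict(deque)

    def allow(self, sender, now):
        q = self._hits[sender]
        while q and now - q[0] >= self.window:   # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def auth_verdicts(msg):
    """Extract spf/dkim/dmarc results from Authentication-Results (RFC 8601)."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(spf|dkim|dmarc)=([a-z]+)", str(hdr), re.I):
            verdicts[m.group(1).lower()] = m.group(2).lower()
    return verdicts


def suspicious_links(text):
    """Links whose host is an IP literal or a punycode label (cheap phishing signal)."""
    bad = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        if IPV4_RE.match(host) or "xn--" in host:
            bad.append(url)
    return bad


def classify(raw, limiter, now):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if not limiter.allow(str(msg.get("From", "")).strip(), now):
        reasons.append("rate-limit")
    if auth_verdicts(msg).get("dmarc") == "fail":
        reasons.append("dmarc-fail")
    for part in msg.iter_attachments():                 # T1137.001 / T1204.002
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in MACRO_EXTENSIONS:
            reasons.append("macro-attachment:" + name)
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in suspicious_links(body.get_content() if body else ""):
        reasons.append("suspicious-link:" + url)          # T1566.002 / T1204.001
    return ("quarantine" if reasons else "deliver"), reasons


def build(sender, subject, text, auth=None, attachment=None):
    """Construct a sample message (test fixture, not captured mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@corp.example", subject
    if auth:
        m["Authentication-Results"] = auth
    m.set_content(text)
    if attachment:
        name, payload = attachment
        m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


def demo():
    """Run the policy over constructed samples; returns {subject: (verdict, reasons)}."""
    lim, t0, out = SenderRateLimiter(), time.time(), {}
    samples = [
        build("alice@partner.example", "Q3 report", "Attached as discussed.",
              auth="mx.corp.example; spf=pass; dkim=pass; dmarc=pass"),
        build("billing@corp-example.test", "Invoice", "Open the attached file to view.",
              auth="mx.corp.example; spf=fail; dkim=none; dmarc=fail",
              attachment=("invoice.docm", b"D0CF11E0")),
        build("it@corp.example", "Password reset", "Reset here: http://203.0.113.5/reset",
              auth="mx.corp.example; spf=pass; dkim=pass; dmarc=pass"),
    ]
    for raw in samples:
        subj = str(message_from_bytes(raw, policy=policy.default)["Subject"])
        out[subj] = classify(raw, lim, t0)
    # A burst one past the per-sender limit inside the window is rate-limited.
    for i in range(PER_SENDER_LIMIT + 1):
        result = classify(build("bulk@lists.example", f"offer {i}", "hi"), lim, t0 + i)
    out["offer burst"] = result
    return out


if __name__ == "__main__":
    for subject, (verdict, reasons) in demo().items():
        print(f"{subject:15} {verdict:10} {reasons}")
```

The verdicts here are "deliver" or "quarantine"; a real gateway would also log each reason for detection engineering, and the signature and blocklist data behind `MACRO_EXTENSIONS` and the link heuristics are exactly what part (b) of the control requires to be kept current.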
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2025-24458 | 1.4 | 7.1 | 0.0001 | partial |