PUBLICATION

Enhance Email & Web Security

Revision Date

December 17, 2020

Related topics:

Cybersecurity Best Practices, Cyber Threats and Advisories,

Phishing emails and the use of unencrypted Hypertext Transfer Protocol (HTTP) remain persistent channels through which malicious actors can exploit vulnerabilities in an organization’s cybersecurity posture. Attackers may spoof a domain to send a phishing email that looks like a legitimate email. At the same time, users transmitting data via unencrypted HTTP protocol, which does not protect data from interception or alteration, are vulnerable to eavesdropping, tracking, and the modification of the data itself.

CISA encourages its State, Local, Tribal and Territorial (SLTT) government partners, as well as private entities, to use this guide to learn more about this threat and associated mitigation activities. This guidance is derived from Binding Operational Directive 18-01 – Enhance Email and Web Security and includes lessons learned and additional considerations for non-federal entities seeking to implement actions in line with federal civilian departments and agencies, as directed by CISA.

Return to Telework Guidance - Technical Audience.

Enhance Email & Web Security

Resource Materials

Tags

Exploring Memory Safety in Critical Open Source Projects

Emergency Services Sector Cybersecurity Best Practices

Cybersecurity Advisory Committee (CSAC) Reports and Recommendations

Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities

Enhance Email & Web Security

Resource Materials

Tags

Related Resources

Exploring Memory Safety in Critical Open Source Projects

Emergency Services Sector Cybersecurity Best Practices

Cybersecurity Advisory Committee (CSAC) Reports and Recommendations

Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities