Safeguard 9.6 (IG2, IG3)

Block Unnecessary File Types

Asset Type: Network
Security Function: Protect

Description

Block unnecessary file types attempting to enter the enterprise’s email gateway.

Implementation Checklist

1. Assess current protection controls in place
2. Configure and deploy required security controls
3. Test control effectiveness in non-production environment
4. Deploy to production and verify functionality
5. Document configuration and operational procedures
6. Configure email authentication (SPF, DKIM, DMARC)
7. Deploy email security gateway with filtering
8. Configure attachment and URL scanning

Threats & Vulnerabilities (CIS RAM)

Threat Scenarios

Malware Delivery via Executable Email Attachments

Integrity

Attackers deliver ransomware, trojans, and backdoors through email attachments using dangerous file types (.exe, .scr, .js, .vbs, .hta, .iso) that are not blocked at the email gateway, relying on users to execute them.

Macro-Enabled Document Exploitation

Confidentiality

Weaponized Office documents with malicious macros (.docm, .xlsm) or legacy formats (.doc, .xls) pass through the email gateway without file type restrictions, enabling initial access when users enable macros as instructed by social engineering.

Archive-Based Evasion of Security Controls

Integrity

Attackers wrap malicious payloads in nested archives (.zip, .rar, .7z, .iso) or password-protected containers to bypass email scanning, and without file type blocking at the gateway these containers reach user inboxes.

Vulnerabilities (When Safeguard Absent)

No File Type Restrictions at Email Gateway

The email gateway permits all file types as attachments, including executable files, script files, disk image files, and other dangerous formats commonly used as malware delivery vectors.

Incomplete Dangerous File Type Block List

The email gateway blocks some obvious file types (.exe) but misses other dangerous formats such as .iso, .img, .vhd, .js, .jse, .wsf, .hta, .lnk, and .one files that attackers actively use to deliver malware.
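Added example, not part of the CIS safeguard text: a minimal gateway-side attachment filter in Python that applies the file types named in the Description, Threat Scenarios and Vulnerabilities above. It judges the final extension of double-extension names, unpacks nested zip archives, and flags password-protected members that cannot be inspected. The block list, the nesting limit and the sample message are assumptions constructed for this example.

```python
import email, io, zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath
BLOCKED = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".lnk",   # the types this page names;
           ".one", ".iso", ".img", ".vhd", ".docm", ".xlsm"}                # a real policy is tuned per enterprise
MAX_NESTING = 3  # assumption: deeper nesting is rejected as evasion rather than unpacked
def ext(name):
    """Final suffix, lower-cased, so 'Invoice.PDF.exe' is judged as .exe."""
    return PurePosixPath(name.strip()).suffix.lower()

def scan_zip(outer, data, depth=1):
    """Inspect zip members; nested zips are unpacked up to MAX_NESTING levels."""
    if depth > MAX_NESTING:
        return [(outer, "archive nested deeper than policy allows")]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            inner = f"{outer}/{info.filename}"
            if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
                findings.append((inner, "password-protected member"))
            elif ext(info.filename) in BLOCKED:
                findings.append((inner, f"blocked type {ext(info.filename)}"))
            elif ext(info.filename) == ".zip":
                findings.extend(scan_zip(inner, zf.read(info), depth + 1))
    return findings

def scan_message(raw):
    """Return (attachment path, reason) for every attachment the policy rejects."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        name = part.get_filename() or ""  # body text and multipart wrappers have none
        if ext(name) in BLOCKED:
            findings.append((name, f"blocked type {ext(name)}"))
        elif ext(name) == ".zip":
            findings.extend(scan_zip(name, part.get_payload(decode=True)))
    return findings

def build_sample():
    """Constructed message: a clean PDF, a zip-in-zip hiding a .js, and a bare .exe."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.js", "// constructed sample, not a payload")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("inner.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    msg.add_attachment(b"MZ sample", maintype="application", subtype="octet-stream", filename="setup.exe")
    return msg.as_bytes()
```

Only zip containers are unpacked here; .rar, .7z and .iso would need additional libraries, and a production gateway would also verify the content type rather than trusting the file name alone.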

Evidence Requirements

Type      | Evidence Item                                                            | Collection Frequency
Technical | Configuration screenshots or exports showing protection controls enabled | Captured quarterly
Document  | Procedure documentation for protection measures                          | Reviewed annually
Technical | Email security configuration (SPF, DKIM, DMARC records)                  | Verified quarterly
Document  | Governing policy document (current, approved, communicated)              | Reviewed annually