NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-8(3)Continuous Learning Capability

Implement spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Learning mechanisms include Bayesian filters that respond to user inputs that identify specific traffic as spam or legitimate by updating algorithm parameters and thereby more accurately separating types of traffic.

Practitioner Notes

Your spam filter should continuously learn from new spam patterns and user feedback to improve detection accuracy over time.

Example 1: Enable the "Report Message" add-in in Outlook so users can report missed spam and false positives directly to Microsoft. Their reports feed into the machine learning models that improve Exchange Online Protection's detection accuracy.

Example 2: Configure your spam gateway to use a feedback loop where messages released from quarantine (false positives) and user-reported spam (false negatives) automatically adjust the filtering algorithms. Over time, the filter learns what your organization considers spam.

More System and Information Integrity Controls

SI-1 Policy and Procedures SI-2 Flaw Remediation SI-2(1) Central Management SI-2(2) Automated Flaw Remediation Status