Security Review (Optional)
Efficacy Guide using Cisco Secure Email
Additional Hardening Recommendations
Admins should always keep in mind who has access to the mail gateway. Please always be sure to have best practices for the following to keep your configuration safe:
Scanning of Password-protected Attachments
Starting with the AsyncOS 14.0 was made available.
- Security Services > Scan Behavior
- Click Edit Global Settings...
- In Scanning of Password-protected Attachments, click Enabled for Inbound Mail Traffic
- Outbound Mail Traffic is optional
- In Probable Password for Analysis, click Enabled
- Define up to five (5) passwords in the setting
- Submit and Commit your configuration changes
Sender Domain Reputation
Sender Domain Reputation (SDR) was introduced in AsyncOS 12.0. This is enabled by default. Assure that you are running the minimum configuration of SDR:

Note: Cluster: Hosted_Cluster as this is Cloud Gateway
User Config
For your Gateway/Cloud Gateway, enforce 90-day passphrase expiration.
- System Administration > Users
- In Local User Account & Passphrase Settings, click Edit Settings...
- For Passphrase Reset, configure Require users to reset passphrases after 90 days
- Submit and Commit your configuration changes
Two-factor Authentication (2FA)
For your Gateway/Cloud Gateway, enable Two-factor Authentication.
- More information is to be provided; check back for 2FA details.
Guide Checklist
At this time, we have completed the following:
- Introduction
- Validate Detection Services
- Review of Bypass, Accept or Allow Lists
- Aggressive Profile for Anti-Spam
- Review and Validate MX Records
- Submissions to Talos
- Support Requests
- Security Review (Optional)
Congratulations! You're at the end of the Efficacy Guide using Cisco Secure Email! Thank you for taking the time to step through this guide.
Up next, if you wish - ensure that you get full use and detection of URLs with our URL Defense Guide.
Updated 3 months ago