Phishing Awareness Materials

Comply with CISA’s Phishing Guidance M-21-31 with 5 Simple Steps

Share with your network!

With the continued focus on improving national cybersecurity following Executive Order 14028, the Cybersecurity and Infrastructure Security Agency (CISA) has continued to provide resources and best practices to help ensure agencies are securing every user, application, database, system and network.

Current Proofpoint users can easily comply with the CISA phishing reporting mandate, M-21-31, through email gateway and Proofpoint Targeted Attack Protection (TAP) dashboards. Here are five simple steps to follow:

Step 1: Log in to your Proofpoint on-demand or Proofpoint Protection Server Administrative Interface.

Step 2: Navigate to Email Protection (top menu) > Spam Detection (left-side column) > Policies > Rules.

Step 3: Edit the *_policy_phish rule (example highlighted below). If this rule doesn’t exist, please contact your Proofpoint Account Team to conduct a health-check review and provide further details.  

Step 4: Under Dispositions, check “Send a copy to destination” and take the following three actions:

  • Select “New recipient(s)” in the “To:” section.
  • Enter “” into the “New recipient(s)” text box.
  • Click on “Save Changes” in the upper left.

Step 5: Repeat for each separate active spam email policy your organization uses.

Email reporting: a critical part of cyber defense

Email reporting is critical to both defending against cyber attackers and evaluating the effectiveness of your security awareness training efforts.

CISA’s efforts to implement reporting across all agencies allows the aggregation of attacks. With the TAP dashboard, organizations can track trends and mitigate risk, but beyond reporting, it takes continuous training and reinforcement across all users.

  • Coach users about reporting. It’s not enough to simply give users access to a reporting tool. They need to know how to find it—and how to use it. 
  • Communicate about the positive impact user-reported emails can make within your organization. A reporting tool empowers users to help stop cyber attacks.
  • Train users about when to report. Also, give users time to grow their confidence in their ability to identify and take action on suspicious messages.  
  • If necessary, shift organizational focus away from failure rates as the ultimate indicator of phishing awareness. Become an internal advocate for reporting and emphasize reporting rates in metrics socialized internally.
  • Share successes with users, too. Highlight real-world phishing attempts reported by employees. These stories both reinforce the positive impacts of reporting and remind employees that they can make a difference when they apply what they learn in your security awareness training program.

Learn more about FedRAMP Authorized and in-process solutions from Proofpoint by scheduling a cybersecurity health check. Reach out to today.

Additional resources from Proofpoint:

State of the Phish report

Advanced Email Security solution brief