Abnormal Security
by Abnormal Security
Covered: 5 controls
Partial: 3 controls
Gaps: 3 controls
Overview
Abnormal Security by Abnormal Security is an email security solution that covers 5 NIST 800-171 controls (5% total coverage). It addresses key requirements in the email security domain for defense contractors pursuing CMMC compliance.
Implementation Notes
Deploy Abnormal Security with FIPS-validated configurations. Integrate with your SIEM for centralized audit logging. Review partial controls quarterly to identify supplementary tooling needs.
Implementation Guidance for Abnormal Security
Configure Abnormal Security to satisfy NIST 800-171 requirements by implementing these key settings:
For the Access Control (AC) family, enable role-based email access controls and configure user authentication policies through the admin console. Set up multi-factor authentication requirements and define user privilege levels for email security management.
For System and Information Integrity (SI) controls, activate real-time email threat detection and configure automated response policies for malicious emails. Enable the API integration with SIEM systems to generate audit logs for assessment evidence.
Configure email encryption policies and data loss prevention rules to address System and Communications Protection (SC) requirements.
For Audit and Accountability (AU) controls, enable comprehensive logging of all email security events and configure log retention policies for at least one year. Generate compliance reports through the dashboard showing blocked threats, policy violations, and user access patterns.
Integrate Abnormal Security with existing security tools by configuring SAML/SSO integration with identity providers, API connections to SIEM platforms like Splunk or QRadar, and webhook notifications to security orchestration tools.
Common misconfigurations include failing to enable comprehensive audit logging, not configuring proper email encryption policies, setting inadequate retention periods for security logs, and omitting integration with organizational identity management systems. These gaps often result in C3PAO findings during CMMC assessments.
Gap Analysis & Compensating Controls
The 3 uncovered NIST 800-171 controls represent significant compliance gaps primarily in Configuration Management (CM), Incident Response (IR), and Personnel Security (PS) families. Configuration Management gaps require implementing tools like Nessus or Rapid7 for vulnerability scanning and configuration baselines, as email security alone cannot address system hardening requirements. Document these gaps in your System Security Plan by identifying Abnormal Security's scope limitations and creating POA&M entries for each uncovered control.
For Incident Response deficiencies, deploy a dedicated IR platform like Phantom or Demisto to handle non-email security incidents and establish formal incident response procedures. Personnel Security gaps necessitate background investigation tracking systems and insider threat monitoring tools beyond email scope.
Priority order for gap closure should focus first on Configuration Management controls (highest CMMC assessment weight), followed by Incident Response capabilities, then Personnel Security documentation systems. Compensating controls include implementing network segmentation, enhanced monitoring through additional SIEM correlation rules, and documented manual processes for areas where technical controls are insufficient. These gaps must be clearly articulated in assessment documentation with specific timelines and responsible parties identified for remediation efforts.
Compliance Cost Estimate
Abnormal Security licensing typically ranges from $3-7 per user per month depending on feature set and organization size, with enterprise packages starting around $36-84 annually per user. Implementation costs include 2-4 weeks of professional services at $150-200/hour for initial configuration, policy setup, and integration work, totaling $15,000-40,000 for mid-sized defense contractors. Ongoing monitoring costs involve dedicated security analyst time (0.25-0.5 FTE) for alert triage, policy tuning, and compliance reporting activities. Compared to competitors like Proofpoint or Mimecast, Abnormal Security offers competitive per-user pricing but may require additional tools to achieve comprehensive NIST 800-171 coverage, potentially increasing total compliance costs. The AI-driven approach can reduce analyst overhead compared to signature-based solutions, offering long-term operational cost benefits for organizations with limited security staff resources.
Compliance Cross-References
Abnormal Security directly supports DFARS 252.204-7012 requirements for safeguarding covered defense information by providing email-based data loss prevention and encryption capabilities. For CMMC Level 2 domains, the solution addresses portions of Access Control (AC.L2-3.1.1, AC.L2-3.1.2), System and Information Integrity (SI.L2-3.14.1, SI.L2-3.14.2), and System and Communications Protection (SC.L2-3.13.1) assessment objectives. The FedRAMP control mapping includes AC-2 (Account Management), SI-3 (Malicious Code Protection), SC-7 (Boundary Protection), and AU-2 (Event Logging) with moderate impact baseline alignment. CMMC assessment objectives satisfied include demonstrating controlled access to email systems, malicious content filtering, and audit trail generation for email security events. However, additional tools are required for objectives related to system configuration management, comprehensive incident response, media protection, physical security, and personnel screening requirements that fall outside email security scope.
Frequently Asked Questions
How many NIST 800-171 controls does Abnormal Security cover?
Abnormal Security covers 5 of 110 NIST 800-171 controls (5%), with 3 partially covered and 3 gaps.
Can Abnormal Security alone satisfy CMMC Level 2?
No single tool covers all 110 NIST 800-171 controls. Abnormal Security covers 5% and should be part of a layered security stack addressing the remaining controls.
What controls does Abnormal Security not cover?
Abnormal Security does not cover controls ia-3-5-1, pe-3-10-1, cm-3-4-1. These require supplementary solutions such as physical security controls, additional access management, or media protection tools.