UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Email Services Policy



Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-19546 High E-mail services and servers must be protected by routing all SMTP traffic through an Edge Transport Server.
V-19548 High E-mail web services must be protected by having an application proxy server outside the enclave.
V-18857 Medium Annual procedural reviews must be conducted at the site.
V-18884 Medium E-mail critical software copies must be stored offsite in a fire rated container.
V-18877 Medium E-mail Administrator Groups must ensure least privilege.
V-18883 Medium E-mail backups must meet schedule or storage requirements.
V-18882 Medium E-mail backup and recovery data must be protected.
V-18880 Medium Audit logs must be included in weekly backups.
V-18864 Medium E-Mail Configuration Management (CM) procedures must be implemented.
V-18879 Medium E-mail audit records must be retained for 1 year.
V-18867 Medium Email Services must be documented in System Security Plan.
V-18868 Low E-mail software installation account usage must be logged.
V-18881 Low The E-mail backup and recovery strategy must be documented and tested on an INFOCON compliant frequency.
V-18865 Low The E-mail Administrator role must be assigned and authorized by the IAO.
V-18885 Low E-mail acceptable use policy must be documented in the System Security Plan and does require annual user review.
V-18869 Low E-mail audit trails must be reviewed daily.
V-18886 Low E-mail Acceptable Use Policy must contain required elements.