Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Annual procedural reviews must be conducted at the site.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18857 | EMG3-015 EMail | SV-20630r1_rule | DCAR-1 | Medium |
| Description |
|---|
| A regular review of current E-mail security policies and procedures is necessary to maintain the desired security posture of E-mail services. Policies and procedures should be measured against current Department of Defense (DoD) policy, Security Technical Implementation Guide (STIG) guidance, vendor-specific guidance and recommendations, and site-specific or other security policy. |
| STIG | Date |
|---|---|
| Email Services Policy | 2012-01-31 |
Details
| Check Text ( C-22671r1_chk ) |
|---|
| Review procedures and implementation evidence of annual reviews of Exchange E-mail Services Information Assurance (IA) policy and procedures. If procedures do not exist, are incomplete, or are not implemented and followed annually or more frequently, then this is a finding. Criteria: If procedures exist, are complete, and annual reviews are conducted annually, this is not a finding. |
| Fix Text (F-19565r1_fix) |
|---|
| Procedure: Ensure that procedures exist, and that annual reviews are scheduled and completed. |