Annual procedural reviews must be conducted at the site.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18857 | EMG3-015 EMail | SV-20630r1_rule | DCAR-1 | Medium |
| Description |
|---|
| A regular review of current E-mail security policies and procedures is necessary to maintain the desired security posture of E-mail services. Policies and procedures should be measured against current Department of Defense (DoD) policy, Security Technical Implementation Guide (STIG) guidance, vendor-specific guidance and recommendations, and site-specific or other security policy. |
| STIG | Date |
|---|---|
| Email Services Policy | 2012-01-31 |
Details
| Check Text ( C-22671r1_chk ) |
|---|
| Review procedures and implementation evidence of annual reviews of Exchange E-mail Services Information Assurance (IA) policy and procedures. If procedures do not exist, are incomplete, or are not implemented and followed annually or more frequently, then this is a finding. Criteria: If procedures exist, are complete, and annual reviews are conducted annually, this is not a finding. |
| Fix Text (F-19565r1_fix) |
|---|
| Procedure: Ensure that procedures exist, and that annual reviews are scheduled and completed. |