Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
E-Mail Configuration Management (CM) procedures must be implemented.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18864 | EMG3-045 EMail | SV-20644r1_rule | DCPR-1 | Medium |
| Description |
|---|
| Uncontrolled, untested, or unmanaged changes can result in an unreliable security posture. All software libraries related to E-mail services must be reviewed, considered, and the responsibility for Configuration Management (CM) assigned to ensure that no libraries or configurations are left unaddressed. This is true even if CM responsibilities appear to cross organizational boundaries. |
| STIG | Date |
|---|---|
| Email Services Policy | 2012-01-31 |
Details
| Check Text ( C-22457r1_chk ) |
|---|
| Procedure: Interview the E-mail Administrator or the IAO to ask if CM procedures are in place to prevent untested and uncontrolled software modifications to the production system. Access documentation demonstrating process, scheduling, and signoff procedures. Criteria: If CM procedures are documented and implemented, this is not a finding. |
| Fix Text (F-19570r1_fix) |
|---|
| Procedure: Implement Configuration Management procedures; document them and follow them. Ensure that patches, configurations, and upgrades are addressed. Process steps should have specific procedures and responsibilities assigned. |