E-mail software installation account usage must be logged.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18868 | EMG3-028 EMail | SV-20652r1_rule | ECPA-1 | Low |
| Description |
|---|
| E-mail Administrator or application owner accounts are granted more enhanced privileges than non-privileged users. It is especially important to grant access to privileged accounts to only those persons who are qualified and authorized to use them. Each use of the account should be logged to demonstrate this accountability. |
| STIG | Date |
|---|---|
| Email Services Policy | 2012-01-31 |
Details
| Check Text ( C-22676r1_chk ) |
|---|
| Procedure: Interview the IAO or E-mail Administator. Verify implementation of logging procedures defined for use of the Exchange 2003 installation account. Criteria: If E-mail software installation account usage is logged, this is not a finding. |
| Fix Text (F-19572r1_fix) |
|---|
| Procedure: Develop and implement a logging procedure for use of the E-Mail software installation account that provides accountability to individuals for any actions taken by the account. |