Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18884 | EMG3-010 EMail | SV-20681r1_rule | COSW-1 | Medium |
Description |
---|
There is always potential that accidental loss can cause system loss and that restoration will be needed. In the event that the installation site is compromised, damaged or destroyed, copies of critical software media may be needed to recover the systems and become operational. Copies of the operating system (OS) and other critical software such as E-mail services applications must be created and stored off site in a fire rated container. If a site experiences loss or compromise of the installed software libraries, available copies can reduce the risk and shorten the time period for a successful E-mail services recovery. |
STIG | Date |
---|---|
Email Services Policy | 2012-01-31 |
Check Text ( C-22538r1_chk ) |
---|
Interview the E-Mail Administrator or IAO. Reference a copy of the System Security Plan. Procedure: Review the application software baseline procedures and implementation evidence. Review the list of files and directories included in the baseline procedure for completeness. Criteria: If E-mail software copy exists to serve as a baseline and is available for comparison during scanning efforts, this is not a finding. |
Fix Text (F-19497r1_fix) |
---|
Procedure: Create E-mail Software Copies for use in recovering systems, should they be needed. Ensure that the copies are stored off site and that details are documented in the system security plan. |