E-mail critical software copies must be stored offsite in a fire rated container.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18884	EMG3-010 EMail	SV-20681r1_rule	COSW-1	Medium

Description
There is always potential that accidental loss can cause system loss and that restoration will be needed. In the event that the installation site is compromised, damaged or destroyed, copies of critical software media may be needed to recover the systems and become operational. Copies of the operating system (OS) and other critical software such as E-mail services applications must be created and stored off site in a fire rated container. If a site experiences loss or compromise of the installed software libraries, available copies can reduce the risk and shorten the time period for a successful E-mail services recovery.

Description

There is always potential that accidental loss can cause system loss and that restoration will be needed. In the event that the installation site is compromised, damaged or destroyed, copies of critical software media may be needed to recover the systems and become operational. Copies of the operating system (OS) and other critical software such as E-mail services applications must be created and stored off site in a fire rated container. If a site experiences loss or compromise of the installed software libraries, available copies can reduce the risk and shorten the time period for a successful E-mail services recovery.

STIG	Date
Email Services Policy	2012-01-31

Details

Check Text ( C-22538r1_chk )
Interview the E-Mail Administrator or IAO. Reference a copy of the System Security Plan. Procedure: Review the application software baseline procedures and implementation evidence. Review the list of files and directories included in the baseline procedure for completeness. Criteria: If E-mail software copy exists to serve as a baseline and is available for comparison during scanning efforts, this is not a finding.

Check Text ( C-22538r1_chk )

Interview the E-Mail Administrator or IAO. Reference a copy of the System Security Plan.

Procedure: Review the application software baseline procedures and implementation evidence.
Review the list of files and directories included in the baseline procedure for completeness.

Criteria: If E-mail software copy exists to serve as a baseline and is available for comparison during scanning efforts, this is not a finding.

Fix Text (F-19497r1_fix)
Procedure: Create E-mail Software Copies for use in recovering systems, should they be needed. Ensure that the copies are stored off site and that details are documented in the system security plan.