UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Email Configuration Management (CM) procedures must be implemented.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18864 EMG3-045 EMail SV-20644r2_rule DCPR-1 Medium
Description
Uncontrolled, untested, or unmanaged changes can result in an unreliable security posture. All software libraries related to email services must be reviewed, considered, and the responsibility for CM assigned to ensure no libraries or configurations are left unaddressed. This is true even if CM responsibilities appear to cross organizational boundaries. Ensure patches, configurations, and upgrades are addressed. Process steps should have specific procedures and responsibilities assigned to individuals.
STIG Date
Email Services Policy STIG 2013-07-11

Details

Check Text ( C-22457r2_chk )
Access the EDSP and confirm CM procedures and assignments are documented. Examine artifacts that show the processes have been implemented.

If CM procedures are documented and implemented, this is not a finding.
Fix Text (F-19570r2_fix)
Document Configuration Management procedures in the EDSP. Implement the CM procedures as documented.