Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33389 | EMG0-093 EMail | SV-43808r1_rule | Low |
Description |
---|
An Email Acceptable Use Policy is a set of rules that describe IA operation and expected user behavior with regard to email services. Formal creation and use of an Email Acceptable Use policy protects both organization and users by declaring boundaries, operational processes, and user training surrounding helpdesk procedures, legal constraints and email based threats that may be encountered. The Email Acceptable Use Policy must be annually updated, then subject to renewal by users. Requiring signed acknowledgement of the policy would constitute continued access to the email system. |
STIG | Date |
---|---|
Email Services Policy STIG | 2013-07-11 |
Check Text ( C-41596r2_chk ) |
---|
Access the EDSP documentation that describes the Email Acceptable Use Policy. Verify there is a stated requirement for users to renew annually. If the Email Acceptable Use Policy requires annual user renewal with signature acknowledgement, this is not a finding. |
Fix Text (F-37315r2_fix) |
---|
Implement a review and renewal process for the Email Acceptable Use Policy that requires annual renewal and signature acknowledgement. Document the process in the EDSP. |