UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Email acceptable use policy must be renewed annually.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33389 EMG0-093 EMail SV-43808r1_rule Low
Description
An Email Acceptable Use Policy is a set of rules that describe IA operation and expected user behavior with regard to email services. Formal creation and use of an Email Acceptable Use policy protects both organization and users by declaring boundaries, operational processes, and user training surrounding helpdesk procedures, legal constraints and email based threats that may be encountered. The Email Acceptable Use Policy must be annually updated, then subject to renewal by users. Requiring signed acknowledgement of the policy would constitute continued access to the email system.
STIG Date
Email Services Policy STIG 2013-12-11

Details

Check Text ( C-41596r2_chk )
Access the EDSP documentation that describes the Email Acceptable Use Policy. Verify there is a stated requirement for users to renew annually.

If the Email Acceptable Use Policy requires annual user renewal with signature acknowledgement, this is not a finding.
Fix Text (F-37315r2_fix)
Implement a review and renewal process for the Email Acceptable Use Policy that requires annual renewal and signature acknowledgement. Document the process in the EDSP.