UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Email Administrator role must be assigned and authorized by the ISSO.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18865 EMG0-056 EMail SV-20646r3_rule DCSD-1 Low
Description
Separation of roles supports operational security for application as well as human resources. Roles accompanied by elevated privileges, such as that of the Email Administrator, must be carefully regulated and monitored. All appointments to Information Assurance (IA) roles, such as Authorizing Officer (AO), System Security Manager (ISSM), and Information Systems Security Officer (ISSO) must be in writing, and include assigned duties and appointment criteria such as training, clearance and IT designation. The Email Administrator role is assigned and controlled by the ISSM. The ISSM role owns the responsibility to document responsibilities, privileges, training and scope for the Email Administrator role. It is with this definition that the ISSO is able to monitor assigned resources, ensuring that intended tasks are completed, and that elevated privileges are not used for purposes beyond their intended tasks.
STIG Date
Email Services Policy STIG 2015-03-10

Details

Check Text ( C-22458r6_chk )
Review the documented procedures for approval of Email Administrator Privileges. Review implementation evidence for the procedures.

If the Email Administrator role is documented and authorized by the ISSO, this is not a finding.
Fix Text (F-19386r5_fix)
Establish a procedure that ensures the Email Administrator role is defined and authorized (assigned) as documented by the ISSO.