Annual procedural reviews must be conducted at the site.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18857 | EMG3-015 EMail | SV-20630r3_rule | DCAR-1 | Medium |
| Description |
|---|
| A regular review of current email security policies and procedures is necessary to maintain the desired security posture of Email services. Policies and procedures should be measured against current Department of Defense (DoD) policy, Security Technical Implementation Guide (STIG) guidance, vendor-specific guidance and recommendations, and site-specific or other security policy. |
| STIG | Date |
|---|---|
| Email Services Policy STIG | 2015-08-07 |
Details
| Check Text ( C-22671r5_chk ) |
|---|
| Review the EDSP and implementation evidence showing that annual reviews of Email Services Information Assurance (IA) policy and procedures are done. If procedures are followed annually or more frequently, this is not a finding. |
| Fix Text (F-19565r2_fix) |
|---|
| Document review procedures in the EDSP. Include annual review schedules and plans to conduct them. |