UCF STIG Viewer Logo

Email acceptable use policy must be documented in the Email Domain Security Plan (EDSP).


Finding ID Version Rule ID IA Controls Severity
V-18885 EMG0-090 EMail SV-20683r3_rule PRRB-1 Low
Email is only as secure as the recipient, which is ultimately person who is receiving messages. Also to consider, the surest way to prevent SPAM and other malware from entering the email message transport path is by using secure IA measures at the point of origin. Here again, this is ultimately a person, who is sending messages. An Email Acceptable Use Policy is a set of rules that describe expected user behavior with regard to email messages. Formal creation and use of an Email Acceptable Use policy protects both organization and users by declaring boundaries, operational processes, and user training for such tasks as Help Desk procedures, legal considerations and email based threats that may be encountered. The Email Acceptable Use Policy should be distributed to and signed by each email user, as a requirement for obtaining an email account.
Email Services Policy STIG 2015-08-07


Check Text ( C-22539r3_chk )
Access the EDSP documentation that describes the Email Acceptable Use Policy that is followed at the site.

If the Email Acceptable Use Policy is documented in the EDSP, this is not a finding.
Fix Text (F-19581r3_fix)
Implement an Email Acceptable Use Policy that is documented in the EDSP and that requires a signature by each user.