UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Mail must be configured using SSL.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25354 OSX00525 M6 SV-38567r1_rule ECCT-1 ECCT-2 Medium
Description
When setting up user mail accounts, select "use SSL" in advanced options. This setting is for the Mail app included with OS X. Instructions will be different for other mail applications, but all mail applications should be set up secured using some form of encryption.
STIG Date
MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft 2013-01-10

Details

Check Text ( C-37761r1_chk )
NOTE: If you are not using the Mac Mail Application, this check does not apply.

Choose Mail > Preferences, and then click Accounts.
Select an account, and then click Advanced.
Ensure "Use SSL" is selected.
From the Authentication pop-up menu, ensure an authentication method is selected (e.g., MD5 Challenge-Response, NTLM, Kerberos Version 5 (GSSAPI), or Authenticated POP (APOP)).

If not, this is a finding.

Click Account Information.
From the Outgoing Mail Server (SMTP) pop-up menu, select Edit Server List.
From the server list, select the outgoing mail server, and then click Advanced.
Ensure Secure Socket Layer (SSL) is selected.
From the Authentication pop-up menu, ensure an authentication method is selected (e.g., MD5 Challenge-Response, NTLM, Kerberos Version 5 (GSSAPI), or Authenticated POP (APOP)).
If not, this is a finding.
Fix Text (F-33005r1_fix)
Choose Mail > Preferences, Click Accounts.
Select an account, Click Advanced.
Select "Use SSL".
From the Authentication pop-up menu, select authentication method (e.g., MD5 Challenge-Response, NTLM, Kerberos Version 5 (GSSAPI), or Authenticated POP (APOP)).
Click Account Information.
From the Outgoing Mail Server (SMTP) pop-up menu, select Edit Server List.
From the server list, select your outgoing mail server and then click Advanced.
Select "Secure Socket Layer (SSL)".
From the Authentication pop-up menu, select authentication method (e.g., MD5 Challenge-Response, NTLM, Kerberos Version 5 (GSSAPI), or Authenticated POP (APOP)).
Close the preferences window, and then click "Save" in the message that appears.