Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18664 | EMG2-017 Exch2K3 | SV-20272r1_rule | ECSC-1 | Medium |
Description |
---|
SPAM origination sites and other sources of suspected E-Mail borne malware have the ability to corrupt, compromise, or otherwise limit availability of E-Mail servers. Limiting exposure to inbound messages is one type of filtering that can reduce the risk of SPAM and malware impacts. Ideally, 'Block List' filtering is done at the perimeter of the network (using a commercial 'Block List' service), because eliminating threats there prevents them being evaluated inside the enclave where there is more risk they can do harm. Block List Exceptions are used to specify sources that should not be blocked despite their presence in a block list. Exceptions, if used, should be carefully vetted to ensure they are sources of legitimate email. |
STIG | Date |
---|---|
Microsoft Exchange Server 2003 | 2014-08-19 |
Check Text ( C-22383r1_chk ) |
---|
Interview the E-mail Administrator or the IAO. Request documentation that indicates Block List Services filters are in place, with no exceptions (or exceptions documented as to reasons), on an E-mail Secure Gateway outside the enclave at the network perimeter. Criteria: If Block List Exceptions are configured and approved on an Edge Transport Server role (perimeter-based E-mail Secure Gateway), this is not a finding. |
Fix Text (F-19311r1_fix) |
---|
Implement perimeter-based protection in the form of a secure E-mail filtering mechanism that performs, among other protections, Block List exceptions filtering for SPAM elimination prior to forwarding message traffic to mailbox servers. |