Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18727 | EMG2-317 Exch2K3 | SV-20397r1_rule | ECSC-1 | Low |
Description |
---|
For E-mail environments with sufficiently sensitive requirements (either legal or data classification), local e-mail policy may require that all messages sent or received from a given server be preserved. If local policy requires it for historical or litigation purposes, this feature enables Exchange 2003 to retain a full copy of each message that is received by or sent from this mailbox store. Additional setup is also needed, in that a user, distribution list, contact, or Public Folder to whom all messages will be copied, must be selected. Also known as “Journaling”, this setting is used to provide a “paper trail” of all correspondence that passes through the server. Journaled messages should always be stored on a separate dedicated journaling server, with protections similar to those granted log and audit files. The System Security plan should document the remote location, user account, and mailbox store that is used to host the message copy data. |
STIG | Date |
---|---|
Microsoft Exchange Server 2003 | 2014-08-19 |
Check Text ( C-22448r1_chk ) |
---|
For sites that do not require full E-Mail Message Archiving, this check is N/A. Procedure: Exchange System manager >>Administrative Groups >> [administrative group] >> servers >> [server name]>> [storage group] >> Mailbox store [server name] >> properties >> General tab The “Archive all message sent or received by mailboxes on this store” should be checked. Criteria: If “Archive all message sent or received by mailboxes on this store” is checked, this is not a finding. |
Fix Text (F-19376r1_fix) |
---|
Configure Message Archiving. Procedure: Exchange System manager >>Administrative Groups >> [administrative group] >> servers >> [server name]>> [storage group] >> Mailbox store [server name] >> properties >> General tab Select the “Archive all message sent or received by mailboxes on this store” check box. |