Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18731 | EMG3-115 Exch2K3 | SV-20405r1_rule | DCPA-1 | Medium |
Description |
---|
In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability in one application, and its subsequent exploitation, can lead to an exploit of other applications sharing the same security context. For example, an exploit of a web server process that leads to unauthorized administrative access to the host system can most likely lead to a compromise of all applications hosted by the same system. E-Mail services should be installed to a discrete set of directories, on a partition that does not host other applications. E-Mail services should never be installed on a Domain Controller / Directory Services server. |
STIG | Date |
---|---|
Microsoft Exchange Server 2003 | 2014-08-19 |
Check Text ( C-22452r1_chk ) |
---|
Interview the E-mail Administrator. Procedure: Start >> Programs >> All Programs. Review all the programs listed to ensure that no E-mail servers, office programs, database programs, etc., are installed. If they are, ask the E-mail Administrator about their function and purpose. Criteria: If E-mail services reside on dedicated directories or partitions and do not co-host other applications (without associated approval from the IAO), this is not a finding. |
Fix Text (F-19380r1_fix) |
---|
Procedure: Install E-mail services on dedicated partitions. E-mail services software must not share a directory or partition with other software or the host operating system. |