E-mail software is not monitored for change on INFOCON frequency schedule.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18741	EMG3-058 Exch2K3	SV-20425r1_rule	DCSL-1	Medium

Description
The INFOCON system provides a framework within which the Commander USSTRATCOM regional commanders, service chiefs, base/post/camp/station/vessel commanders, or agency directors can increase the measurable readiness of their networks to match operational priorities. The readiness strategy provides the ability to continuously maintain and sustain one’s own information systems and networks throughout their schedule of deployments, exercises and operational readiness life cycle independent of network attacks or threats. The system provides a framework of prescribed actions and cycles necessary for reestablishing the confidence level and security of information systems for the commander and thereby supporting the entire Global Information Grid (GIG) (SD 527-1 Purpose). The Exchange software files and directories as well as the files and directories of dependent applications are vulnerable to unauthorized changes if not adequately protected. An unauthorized change could affect the integrity or availability of e-mail services overall. For this reason, all application software installations must monitor for change against a software baseline that is preserved when installed, and updated periodically as patches or upgrades are installed. Automated and manual schedules for software change monitoring must be compliant with SD527-1 frequencies.

Description

The INFOCON system provides a framework within which the Commander USSTRATCOM regional commanders, service chiefs, base/post/camp/station/vessel commanders, or agency directors can increase the measurable readiness of their networks to match operational priorities. The readiness strategy provides the ability to continuously maintain and sustain one’s own information systems and networks throughout their schedule of deployments, exercises and operational readiness life cycle independent of network attacks or threats. The system provides a framework of prescribed actions and cycles necessary for reestablishing the confidence level and security of information systems for the commander and thereby supporting the entire Global Information Grid (GIG) (SD 527-1 Purpose). The Exchange software files and directories as well as the files and directories of dependent applications are vulnerable to unauthorized changes if not adequately protected. An unauthorized change could affect the integrity or availability of e-mail services overall. For this reason, all application software installations must monitor for change against a software baseline that is preserved when installed, and updated periodically as patches or upgrades are installed. Automated and manual schedules for software change monitoring must be compliant with SD527-1 frequencies.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22463r1_chk )
Verify the software change monitoring schedule. Procedure: Interview the E-Mail Administrator or IAO to ascertain current INFOCON level history, and ask for software modification detection procedures in place. Review reports for inclusion of the Exchange 2003 executable and configuration files. Criteria: If E-mail software is monitored for changes as required by the INFOCON levels, this is not a finding.

Check Text ( C-22463r1_chk )

Verify the software change monitoring schedule.

Procedure: Interview the E-Mail Administrator or IAO to ascertain current INFOCON level history, and ask for software modification detection procedures in place. Review reports for inclusion of the Exchange 2003 executable and configuration files.

Criteria: If E-mail software is monitored for changes as required by the INFOCON levels, this is not a finding.

Fix Text (F-19391r1_fix)
Procedure: Establish procedures to monitor any changes made to E-mail Services software. Identify files and directories to be included in the host system and provide these to the person responsible for backups. Verify that E-mail software libraries are monitored for change according to SD527-1 INFOCON levels.