E-mail Public Folders do not require S/MIME capable clients.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18744	EMG2-327 Exch2K3	SV-20431r1_rule	ECSC-1	High

Description
Identification and Authentication provide the foundation for access control. The ability for receiving users to authenticate the source of Public Folder messages helps to ensure that they are not FORGED or SPOOFED before they arrive. MIME (Multipurpose Internet Mail Extensions) is an Internet standard that extends the format of E-mail and other web content to support ASCII and other character sets in both the message and header, text and non-text attachments, and multi-part message bodies. All human-originating E-Mail messages are transmitted in MIME format. S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of e-mail encapsulated in MIME. Participants in S/MIME message exchanges must obtain and install an individual key/certificate from the DoD. S/MIME clients will require that each participant own a certificate before allowing message encrypting to others. To minimize attack vectors revealed by lack of signed or encrypted documents, all clients in the enterprise must be updated to support S/MIME, and all mail servers must require S/MIME capability.

Description

Identification and Authentication provide the foundation for access control. The ability for receiving users to authenticate the source of Public Folder messages helps to ensure that they are not FORGED or SPOOFED before they arrive. MIME (Multipurpose Internet Mail Extensions) is an Internet standard that extends the format of E-mail and other web content to support ASCII and other character sets in both the message and header, text and non-text attachments, and multi-part message bodies. All human-originating E-Mail messages are transmitted in MIME format. S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of e-mail encapsulated in MIME. Participants in S/MIME message exchanges must obtain and install an individual key/certificate from the DoD. S/MIME clients will require that each participant own a certificate before allowing message encrypting to others. To minimize attack vectors revealed by lack of signed or encrypted documents, all clients in the enterprise must be updated to support S/MIME, and all mail servers must require S/MIME capability.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22466r1_chk )
If Public Folders are not in use at the site, this is N/A. Ensure that Public Folders require S/MIME capable clients. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server name] >> [storage group] >> Public Folder store [server name] >> Properties >> General tab The “clients support S/MIME signatures” should be selected. Criteria: If “clients support S/MIME signatures” is selected, this is not a finding.

Check Text ( C-22466r1_chk )

If Public Folders are not in use at the site, this is N/A.

Ensure that Public Folders require S/MIME capable clients.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server name] >> [storage group] >> Public Folder store [server name] >> Properties >> General tab

The “clients support S/MIME signatures” should be selected.

Criteria: If “clients support S/MIME signatures” is selected, this is not a finding.

Fix Text (F-19394r1_fix)
Require S/MIME capable clients. Procedure: Exchange System Manager >> administrative groups >> [administrative group] >> servers >> [server name] >> [storage group] >> Public Folder store [server name] >> properties >> General tab Select the “clients support S/MIME signatures” checkbox.