Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18744 | EMG2-327 Exch2K3 | SV-20431r1_rule | ECSC-1 | High |
Description |
---|
Identification and Authentication provide the foundation for access control. The ability for receiving users to authenticate the source of Public Folder messages helps to ensure that they are not forged or spoofed before they arrive. MIME (Multipurpose Internet Mail Extensions) is an Internet standard that extends the format of e-mail and other web content to support ASCII and other character sets in both the message and header, text and non-text attachments, and multi-part message bodies. All human-originating e-mail messages are transmitted in MIME format. S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of e-mail encapsulated in MIME. Participants in S/MIME message exchanges must obtain and install an individual key/certificate from the DoD. S/MIME clients will require that each participant own a certificate before allowing messages to be encrypted to others. To minimize attack vectors revealed by lack of signed or encrypted documents, all clients in the enterprise must be updated to support S/MIME, and all mail servers must require S/MIME capability. |
STIG | Date |
---|---|
Microsoft Exchange Server 2003 | 2014-08-19 |
Check Text (C-22466r1_chk) |
---|
If Public Folders are not in use at the site, this is N/A. Ensure that Public Folders require S/MIME capable clients. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server name] >> [storage group] >> Public Folder store [server name] >> Properties >> General tab. The “clients support S/MIME signatures” checkbox should be selected. Criteria: If “clients support S/MIME signatures” is selected, this is not a finding. |
Fix Text (F-19394r1_fix) |
---|
Require S/MIME capable clients. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server name] >> [storage group] >> Public Folder store [server name] >> Properties >> General tab. Select the “clients support S/MIME signatures” checkbox. |