Title

Annual procedural reviews are not conducted at the site. (Cat II impact)

Discussion

A regular review of current E-mail security policies and procedures is necessary to maintain the desired security posture of E-mail services. Policies and procedures should be measured against current Department of Defense (DoD) policy, Security Technical Implementation Guide (STIG) guidance, vendor-specific guidance and recommendations, and site-specific or other security policy.

Check Content

Review procedures and implementation evidence of annual reviews of Exchange 2003 E-mail Services Information Assurance (IA) policy and procedures. If procedures do not exist, are incomplete, or are not implemented and followed annually or more frequently, then this is a finding. Criteria: If procedures exist, are complete, and annual reviews are conducted annually, this is not a finding.

Fix Text

Procedure: Ensure that procedures exist, and that annual reviews are scheduled and completed.

Additional Identifiers

Rule ID: SV-20630r1_rule

Vulnerability ID: V-18857

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.