Check: EMG3-010 EMail
Email Services Policy STIG:
EMG3-010 EMail
(in version v2 r6)
Title
Email critical software copies must be stored off-site in a fire-rated container. (Cat II impact)
Discussion
There is always potential that accidental loss can cause system loss and that restoration will be needed. In the event that the installation site is compromised, damaged or destroyed copies of critical software media may be needed to recover the systems and become operational. Copies of the operating system (OS) and other critical software, such as email services applications must be created and stored off-site in a fire-rated container. If a site experiences loss or compromise of the installed software libraries, available copies can reduce the risk and shorten the time period for a successful email services recovery.
Check Content
Access the EDSP and review the email application software offline storage plan. Examine artifacts showing that copies exist and are stored off-site in fire-rated containers. If an email software copy exists and is stored off-site in a fire-rated container, this is not a finding.
Fix Text
Create email software copies for use in recovering systems, and store them off-site and in fire-rated containers. Document the off-site storage details in the EDSP.
Additional Identifiers
Rule ID: SV-20681r3_rule
Vulnerability ID: V-18884
Group Title: EMG3-010 Software Critical Copies
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |