Title

Annual procedural reviews must be conducted at the site. (Cat II impact)

Discussion

A regular review of current email security policies and procedures is necessary to maintain the desired security posture of Email services. Policies and procedures should be measured against current Department of Defense (DoD) policy, Security Technical Implementation Guide (STIG) guidance, vendor-specific guidance and recommendations, and site-specific or other security policy.

Check Content

Review the EDSP and implementation evidence showing that annual reviews of Email Services Information Assurance (IA) policy and procedures are done. If procedures are followed annually or more frequently, this is not a finding.

Fix Text

Document review procedures in the EDSP. Include annual review schedules and plans to conduct them.

Additional Identifiers

Rule ID: SV-20630r3_rule

Vulnerability ID: V-18857

Group Title: EMG3-015 Procedural Review

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.