An error occurred:

Check: EMG2-327 Exch2K3

Microsoft Exchange Server 2003: EMG2-327 Exch2K3 (in version v1 r5)

Title

E-mail Public Folders do not require S/MIME capable clients. (Cat I impact)

Discussion

Identification and Authentication provide the foundation for access control. The ability for receiving users to authenticate the source of Public Folder messages helps to ensure that they are not FORGED or SPOOFED before they arrive. MIME (Multipurpose Internet Mail Extensions) is an Internet standard that extends the format of E-mail and other web content to support ASCII and other character sets in both the message and header, text and non-text attachments, and multi-part message bodies. All human-originating E-Mail messages are transmitted in MIME format. S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of e-mail encapsulated in MIME. Participants in S/MIME message exchanges must obtain and install an individual key/certificate from the DoD. S/MIME clients will require that each participant own a certificate before allowing message encrypting to others. To minimize attack vectors revealed by lack of signed or encrypted documents, all clients in the enterprise must be updated to support S/MIME, and all mail servers must require S/MIME capability.

Check Content

If Public Folders are not in use at the site, this is N/A. Ensure that Public Folders require S/MIME capable clients. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server name] >> [storage group] >> Public Folder store [server name] >> Properties >> General tab The “clients support S/MIME signatures” should be selected. Criteria: If “clients support S/MIME signatures” is selected, this is not a finding.

Fix Text

Require S/MIME capable clients. Procedure: Exchange System Manager >> administrative groups >> [administrative group] >> servers >> [server name] >> [storage group] >> Public Folder store [server name] >> properties >> General tab Select the “clients support S/MIME signatures” checkbox.

Additional Identifiers

Rule ID: SV-20431r1_rule

Vulnerability ID: V-18744

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check