Email Configuration Management (CM) procedures must be implemented.

Part of EMG3-045 Email Configuration Management

Associated with IA controls: DCPR-1

SV-20644r3_rule Email Configuration Management (CM) procedures must be implemented.

Vulnerability discussion

Uncontrolled, untested, or unmanaged changes can result in an unreliable security posture. All software libraries related to email services must be reviewed, considered, and the responsibility for CM assigned to ensure no libraries or configurations are left unaddressed. This is true even if CM responsibilities appear to cross organizational boundaries. Ensure patches, configurations, and upgrades are addressed. Process steps should have specific procedures and responsibilities assigned to individuals.

Check content

Access the EDSP and confirm CM procedures and assignments are documented. Examine artifacts that show the processes have been implemented. If CM procedures are documented and implemented, this is not a finding.

Fix text

Document Configuration Management procedures in the EDSP. Implement the CM procedures as documented.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.