Email Administrator role must be assigned and authorized by the ISSO.

Part of EMG0-056 E-mail Administrator Role

Associated with IA controls: DCSD-1

SV-20646r3_rule Email Administrator role must be assigned and authorized by the ISSO.

Vulnerability discussion

Separation of roles supports operational security for application as well as human resources. Roles accompanied by elevated privileges, such as that of the Email Administrator, must be carefully regulated and monitored.All appointments to Information Assurance (IA) roles, such as Authorizing Officer (AO), System Security Manager (ISSM), and Information Systems Security Officer (ISSO) must be in writing, and include assigned duties and appointment criteria such as training, clearance and IT designation. The Email Administrator role is assigned and controlled by the ISSM. The ISSM role owns the responsibility to document responsibilities, privileges, training and scope for the Email Administrator role. It is with this definition that the ISSO is able to monitor assigned resources, ensuring that intended tasks are completed, and that elevated privileges are not used for purposes beyond their intended tasks.

Check content

Review the documented procedures for approval of Email Administrator Privileges. Review implementation evidence for the procedures. If the Email Administrator role is documented and authorized by the ISSO, this is not a finding.

Fix text

Establish a procedure that ensures the Email Administrator role is defined and authorized (assigned) as documented by the ISSO.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.