Email acceptable use policy must be documented in the Email Domain Security Plan (EDSP).

Part of EMG0-090 Email Acceptable Use Policy

Associated with IA controls: PRRB-1

SV-20683r3_rule Email acceptable use policy must be documented in the Email Domain Security Plan (EDSP).

Vulnerability discussion

Email is only as secure as the recipient, which is ultimately person who is receiving messages. Also to consider, the surest way to prevent SPAM and other malware from entering the email message transport path is by using secure IA measures at the point of origin. Here again, this is ultimately a person, who is sending messages. An Email Acceptable Use Policy is a set of rules that describe expected user behavior with regard to email messages. Formal creation and use of an Email Acceptable Use policy protects both organization and users by declaring boundaries, operational processes, and user training for such tasks as Help Desk procedures, legal considerations and email based threats that may be encountered. The Email Acceptable Use Policy should be distributed to and signed by each email user, as a requirement for obtaining an email account.

Check content

Access the EDSP documentation that describes the Email Acceptable Use Policy that is followed at the site. If the Email Acceptable Use Policy is documented in the EDSP, this is not a finding.

Fix text

Implement an Email Acceptable Use Policy that is documented in the EDSP and that requires a signature by each user.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.