UCF STIG Viewer Logo

ECIM-1 Instant Messaging


Instant messaging traffic to and from instant messaging clients that are independently configured by end users and that interact with a public service provider is prohibited within DoD information systems. Both inbound and outbound public service instant messaging traffic is blocked at the enclave boundary. Note: This does not include IM services that are configured by a DoD AIS application or enclave to perform an authorized and official function.

MAC / CONF Impact Subject Area
Medium Enclave Computing Environment


Uncontrolled instant messaging traffic could allow unauthorized users to gain access to the protected services.  This would result in unauthorized disclosure, modification, or destruction of critical system data.  This implementation guide is aimed to help network administrators implement controlled instant messaging traffic within DoD information systems.

1. The network administrator shall install DOD authorized instant messaging services on the system servers and workstations in support of authorized and official functions (e.g., collaboration, file transfer).
2. The network administrator shall configure the instant messaging client on user workstations not to allow users to change baseline client configuration.
3. The network administrator/telecommunications specialist shall configure the enclave boundary protection mechanisms (e.g., firewall, router) to block both inbound and outbound public service instant messaging traffic (e.g., the rule set for this service should have “DENY”) except for the instant message services that are configured by a DOD AIS application or enclave to perform authorized and official functions.
4. The project management shall ensure that system users (government employees and contractors) take regular security trainings related to the use of instant message services and privacy issues and that users follow the Rules of Behavior.


  • DISA CISCO IOS Router Checklist, Version 5, Release 2.1, 01 June 2004
  • DISA Jupiter Router Checklist, Version 5, Release 2.1, 17 June 2004
  • DISA Network STIG, 29 October 2004
  • DISA Network Infrastructure STIG, Section 3.0, 29 September 2003
  • NSA Guide to Securing Netscape 7.02, 24 June 2003
  • NSA Guide to Secure Configuration and Administration of Microsoft Exchange 2000, 15 December 2004
  • NIST SP 800-45, Guidelines on Electronic Mail Security, September 2002
  • Vendors’ security administration for network devices (e.g., firewall, router) (Refer to if no DSSA/NSA/NIST/USG guidance is available)