UCF STIG Viewer Logo

Administrator audit logging must be enabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33609 Exch-2-823 SV-44029r2_rule Medium
Description
Unauthorized or malicious data changes can compromise the integrity and usefulness of the data. Automated attacks or malicious users with elevated privileges have the ability to affect change using the same mechanisms as email administrators. Auditing changes to access mechanisms not only supports accountability and non-repudiation for those authorized to define the environment but also enables investigation of changes made by others who may not be authorized. Note: This administrator auditing feature audits all exchange changes regardless of the users' assigned role or permissions.
STIG Date
Exchange 2010 Client Access Server STIG 2017-01-03

Details

Check Text ( C-41716r1_chk )
Open the Exchange Management Shell and enter the following command:

Get-AdminAuditLogConfig | Select AdminAuditLogEnabled

If the value of 'AdminAuditLogEnabled' is not set to 'True', this is a finding.

Fix Text (F-37501r1_fix)
Open the Exchange Management Shell and enter the following command:

Set-AdminAuditLogConfig -AdminAuditLogEnabled $true