Exchange 2010 Hub Transport Server STIG


Overview

Date: 2017-01-04
Finding Count (43): CAT I (High): 0; CAT II (Med): 28; CAT III (Low): 15

STIG Description

The Microsoft Exchange Server 2010 STIGs cover four of the five roles available with Microsoft Exchange Server 2010. The Email Services Policy STIG must also be reviewed for each site hosting email services. Also, for the Client Access server, the IIS guidance must be reviewed prior to the OWA checks. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-33567 Medium Internal Receive Connectors must require encryption.
V-33566 Medium Internal Receive Connectors must not allow anonymous connections.
V-33603 Medium Exchange must not send auto replies to remote domains.
V-33601 Medium External/Internet bound automated response messages must be disabled.
V-33606 Medium Email Diagnostic log level must be set to low or lowest level.
V-33590 Medium Internal Send Connectors must use Domain Security (Mutual Authentication TLS).
V-33608 Medium The Send Fatal Errors to Microsoft must be disabled.
V-33609 Medium Administrator audit logging must be enabled.
V-33629 Medium The current, approved service pack must be installed.
V-33621 Medium Exchange software baseline copy must exist.
V-33623 Medium Services must be documented and unnecessary services must be removed or disabled.
V-33625 Medium Email application must not share a partition with another application.
V-33626 Medium Servers must use approved DoD certificates.
V-60981 Medium Internal Send Connectors must use an authentication level
V-33576 Medium Auto-forwarding email to remote domains must be disabled or restricted.
V-33616 Medium Exchange must not send Customer Experience reports to Microsoft.
V-33611 Medium Audit data must be protected against unauthorized access.
V-33613 Medium Exchange application directory must be protected from unauthorized access.
V-33620 Medium Email software must be monitored for change on INFOCON frequency schedule.
V-33619 Medium Queue monitoring must be configured with threshold and action.
V-33618 Medium Audit data must be on separate partitions.
V-33598 Medium Exchange must not send delivery reports to remote domains.
V-33599 Medium Exchange must not send non-delivery reports to remote domains.
V-33596 Medium Connectivity logging must be enabled.
V-33632 Medium Local machine policy must require signed scripts.
V-33594 Medium Internet facing send Connectors must specify a Smart Host.
V-33592 Medium Internal Send Connectors must require encryption.
V-33634 Medium SMTP automated banner response must not reveal server details.
V-33561 Low Message size restrictions must be controlled on Receive connectors.
V-33564 Low Receive Connector timeout must be limited.
V-33583 Low Send Connectors must be clearly named.
V-33587 Low Message size restrictions must be controlled on Send connectors.
V-33586 Low Send Connectors delivery retries must be controlled.
V-33589 Low Send Connector connections count must be limited.
V-33624 Low Global inbound message size must be controlled.
V-33627 Low Global outbound message size must be controlled.
V-33572 Low Receive Connectors must control the number of recipients per message.
V-33575 Low Receive Connectors must be clearly named.
V-33579 Low Receive Connector Maximum Hop Count must be 60.
V-33617 Low Audit record parameters must be set.
V-33630 Low Global recipient count limit must be set.
V-33635 Low Outbound Connection Limit per Domain Count must be controlled.
V-33646 Low Outbound Connection Timeout must be 10 or less.