V-33628 | High | Email servers must have Email aware virus protection. | With the proliferation of trojans, viruses, and SPAM attaching themselves to email messages (or attachments), it is necessary to have capable email Aware Anti-Virus (AV) products to scan messages... |
V-33600 | Medium | Mailboxes must be retained until backups are complete. | Backup and recovery procedures are an important part of overall system availability and integrity. Complete backups reduce the chance of accidental deletion of important information, and make it... |
V-33606 | Medium | Email Diagnostic log level must be set to low or lowest level. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. Diagnostic logging, however,... |
V-33604 | Medium | Mailbox databases must reside on a dedicated partition. | In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and... |
V-33605 | Medium | Email forwarding must be restricted. | Auto-forwarded email accounts do not meet the requirement for digital signature and encryption of CUI and PII IAW DoDI 8520.2 (reference ee) and DoD Director for Administration and Management... |
V-33608 | Medium | The Send Fatal Errors to Microsoft must be disabled. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. This setting enables an automated log... |
V-33609 | Medium | Administrator audit logging must be enabled. | Unauthorized or malicious data changes can compromise the integrity and usefulness of the data. Automated attacks or malicious users with elevated privileges have the ability to affect change... |
V-33580 | Medium | Public Folder stores must be retained until backups are complete. | Backup and recovery procedures are an important part of overall system availability and integrity. Complete backups reduce the chance of accidental deletion of important information, and make it... |
V-33620 | Medium | Email software must be monitored for change on INFOCON frequency schedule. | The INFOCON system provides a framework within which the Commander USSTRATCOM regional commanders, service chiefs, base/post/camp/station/vessel commanders, or agency directors can increase the... |
V-33621 | Medium | Exchange software baseline copy must exist. | Exchange software, as with other application software installed on a host system, must be included in a system baseline record and periodically reviewed; otherwise unauthorized changes to the... |
V-33623 | Medium | Services must be documented and unnecessary services must be removed or disabled. | Unneeded, but running, services offer attackers an enhanced attack profile, and attackers are constantly watching to discover open ports with running services. By analyzing and disabling... |
V-33625 | Medium | Email application must not share a partition with another application. | In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and... |
V-33626 | Medium | Servers must use approved DoD certificates. | Server certificates are required for many security features in Exchange; without them the server cannot engage in many forms of secure communication. Failure to implement valid certificates makes... |
V-33629 | Medium | The current, approved service pack must be installed. | Failure to install the most current Exchange service pack leaves a system vulnerable to exploitation. Current service packs correct known security and system vulnerabilities. |
V-33615 | Medium | Message Tracking Logging must be enabled. | A message tracking log provides a detailed log of all message activity as messages are transferred to and from a computer running Exchange. If events are not recorded it may be difficult or... |
V-33614 | Medium | Email Subject Line logging must be disabled. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. When “message tracking” is enabled,... |
V-33616 | Medium | Exchange must not send Customer Experience reports to Microsoft. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. This setting enables an automated entry... |
V-33611 | Medium | Audit data must be protected against unauthorized access. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. Audit log content must always be... |
V-33613 | Medium | Exchange application directory must be protected from unauthorized access. | Default product installations may provide more generous access permissions than are necessary to run the application. By examining and tailoring access permissions to more closely provide the... |
V-33619 | Medium | Queue monitoring must be configured with threshold and action. | Monitors are automated “process watchers” that respond to performance changes, and can be useful in detecting outages and alerting administrators where attention is needed. Exchange has built-in... |
V-33618 | Medium | Audit data must be on separate partitions. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. Audit log content must always be... |
V-39160 | Medium | Email forwarding SMTP domains must be restricted. | Auto-forwarded email accounts do not meet the requirement for digital signature and encryption of CUI and PII IAW DoDI 8520.2 (reference ee) and DoD Director for Administration and Management... |
V-33632 | Medium | Local machine policy must require signed scripts. | Scripts often provide a way for attackers to infiltrate a system, especially those downloaded from untrusted locations. By setting machine policy to prevent unauthorized script executions,... |
V-33593 | Low | Mail Store storage quota must limit send. | Mail quota settings control the maximum sizes of a user’s mailbox and the system’s response if these limits are exceeded. Mailbox data that is not monitored against a quota increases the risk of... |
V-33602 | Low | Mailbox database must not be overwritten by a restore. | Email system availability depends in part on best practices strategies for setting tuning configurations. Unauthorized or accidental restoration of mailbox data risks data loss or corruption. ... |
V-33582 | Low | Public Folder database must not be overwritten by a restore. | Email system availability depends in part on best practices strategies for setting tuning configurations. Unauthorized or accidental restoration of public folder data risks data loss or... |
V-33573 | Low | Public Store storage quota must be limited. | This setting controls the maximum sizes of a Public Folder and the system’s response if these limits are exceeded. There are two available controls and the system response when the quota has been... |
V-33577 | Low | The Public Folder Stores must mount at startup. | Administrator responsibilities include the ability to react to unplanned maintenance tasks or emergency situations that may require Public Folder Store data manipulation. Occasionally, there may... |
V-33617 | Low | Audit record parameters must be set. | Log files help establish a history of activities, and can be useful in detecting attack attempts. This item declares the fields that must be available in the audit log file in order to... |
V-33612 | Low | Circular Logging must be disabled. | Logging provides a history of events performed, and can also provide evidence of tampering or attack. Failure to create and preserve logs adds to the risk that suspicious events may go unnoticed,... |
V-33597 | Low | The Mailbox Stores must mount at startup. | Administrator responsibilities include the ability to react to unplanned maintenance tasks or emergency situations that may require Mailbox data manipulation. Occasionally, there may be a need to... |
V-33595 | Low | Mail Store storage quota must issue a warning. | Mail quota settings control the maximum sizes of a user’s mailbox and the system’s response if these limits are exceeded. Mailbox data that is not monitored against a quota increases the risk of... |
V-33591 | Low | Mail quota settings must not restrict receiving mail. | Mail quota settings control the maximum sizes of a user’s mailbox and the system’s response if these limits are exceeded. Mailbox data that is not monitored against a quota increases the risk of... |