V-33629 | Medium | The current, approved service pack must be installed. | Failure to install the most current Exchange service pack leaves a system vulnerable to exploitation. Current service packs correct known security and system vulnerabilities. |
V-33620 | Medium | Email software must be monitored for change on INFOCON frequency schedule. | The INFOCON system provides a framework within which the Commander USSTRATCOM, regional commanders, service chiefs, base/post/camp/station/vessel commanders, or agency directors can increase the... |
V-33621 | Medium | Exchange software baseline copy must exist. | Exchange software, as with other application software installed on a host system, must be included in a system baseline record and periodically reviewed; otherwise unauthorized changes to the... |
V-33623 | Medium | Services must be documented and unnecessary services must be removed or disabled. | Unneeded, but running, services offer attackers an enhanced attack profile, and attackers are constantly watching to discover open ports with running services. By analyzing and disabling... |
V-33625 | Medium | Email application must not share a partition with another application. | In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and... |
V-33626 | Medium | Servers must use approved DoD certificates. | Server certificates are required for many security features in Exchange; without them the server cannot engage in many forms of secure communication. Failure to implement valid certificates makes... |
V-33616 | Medium | Exchange must not send Customer Experience reports to Microsoft. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. This setting enables an automated entry... |
V-33611 | Medium | Audit data must be protected against unauthorized access. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. Audit log content must always be... |
V-33613 | Medium | Exchange application directory must be protected from unauthorized access. | Default product installations may provide more generous access permissions than are necessary to run the application. By examining and tailoring access permissions to more closely provide the... |
V-33632 | Medium | Local machine policy must require signed scripts. | Scripts often provide a way for attackers to infiltrate a system, especially those downloaded from untrusted locations. By setting machine policy to prevent unauthorized script executions,... |
V-33606 | Medium | Email Diagnostic log level must be set to lowest level. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. Diagnostic logging, however,... |
V-33608 | Medium | The Send Fatal Errors to Microsoft must be disabled. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. This setting enables an automated log... |
V-33619 | Medium | Queue monitoring must be configured with threshold and action. | Monitors are automated 'process watchers' that respond to performance changes, and can be useful in detecting outages and alerting administrators where attention is needed. Exchange has built-in... |
V-33618 | Medium | Audit data must be on separate partitions. | Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. Audit log content must always be... |