Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Exchange software must be monitored for change.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| Exch-111 | Exch-111 | Exch-111_rule | Medium |
| Description |
|---|
| Exchange software, as with other application software installed on a host system, must be included in a system baseline record and periodically reviewed; otherwise unauthorized changes to the software may not be discovered. This effort is a vital step to securing the host and the applications, as it is the only method that may provide the ability to detect and recover from otherwise undetected changes, such as those that result from worm or bot intrusions. Comparing system files against a baseline on a regular basis will detect the possibility of introduction of malicious code on the system. Note: A properly configured HBSS Policy Auditor 5.2 or later, File Integrity Monitor (FIM) module will meet the requirement for file integrity checking. The Asset module within HBSS does not meet this requirement. |
| STIG | Date |
|---|---|
| Microsoft Exchange 2010 Core Server | 2012-05-31 |
Details
| Check Text ( C-_chk ) |
|---|
| Interview the SA to determine if the site uses a tool to compare system files (*.exe, *.bat, *.com, *.cmd, and *.dll) on servers against a baseline, on a weekly basis. If not, this is a finding. |
| Fix Text (F-_fix) |
|---|
| The site should use a tool to compare system files (*.exe, *.bat, *.com, *.cmd, and *.dll) on servers against a baseline, on a weekly basis. |