UCF STIG Viewer Logo

Microsoft Exchange 2010 Hub Transport Server Role


Overview

Date Finding Count (19)
2012-05-31 CAT I (High): 0 CAT II (Med): 9 CAT III (Low): 10
STIG Description
The Microsoft Exchange Server 2010 STIGs cover four of the five roles available with Microsoft Exchange Server 2010, plus core Exchange Server 2010 global requirements. The Email Services Policy STIG must also be reviewed for each site hosting email services. The core Exchange Server guidance must be reviewed on each server role prior to the role-specific guidance. Also, for the Client Access server, the IIS guidance must be reviewed prior to the OWA checks.

Available Profiles



Findings (MAC III - Administrative Classified)

Finding ID Severity Title
Exch-HB-205 Medium Receive Connector connection must be encrypted.
Exch-HB-204 Medium Receive Connector must restrict relay access.
EXCH-HB-322 Medium Send Connectors must use a Smart Hosts.
Exch-HB-213 Medium Send Connector message size must be controlled.
Exch-HB-206 Medium Receive Connectors must use Domain Security (Mutual Authentication TLS).
Exch-HB-216 Medium Send Connectors must use Domain Security (Mutual Authentication TLS).
Exch-HB-217 Medium Send Connectors must be encrypted.
Exch-HB-218 Medium Email application directory permissions must be restricted.
Exch-HB-219 Medium Connectivity logging must be enabled.
Exch-HB-203 Low Receive Connector timeout must be limited.
Exch-HB-202 Low Receive Connector connections count must be controlled.
Exch-HB-201 Low Receive Connector message size must be controlled.
Exch-HB-210 Low Receive Connectors must be clearly named.
Exch-HB-211 Low Send Connectors must be clearly named.
Exch-HB-214 Low Send Connector connections count must be limited.
Exch-HB-209 Low Receive Connectors must control the number of recipients 'chunked' on a single message.
Exch-HB-208 Low Receive Connectors must control the message count per inbound session.
Exch-HB-212 Low Send Connector delivery retries must be controlled.
Exch-HB-215 Low Send connections per domain must be set.