UCF STIG Viewer Logo

Microsoft Exchange 2013 Mailbox Server Security Technical Implementation Guide


Overview

Date Finding Count (70)
2021-12-16 CAT I (High): 1 CAT II (Med): 45 CAT III (Low): 24
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-207319 High Exchange servers must have an approved DoD email-aware virus protection software installed.
V-207295 Medium Exchange email forwarding must be restricted.
V-207296 Medium Exchange email-forwarding SMTP domains must be restricted.
V-207291 Medium Exchange Public Folder stores must be retained until backups are complete.
V-207290 Medium Exchange internal Send connectors must require encryption.
V-207293 Medium Exchange Mailboxes must be retained until backups are complete.
V-207331 Medium The Exchange SMTP automated banner response must not reveal server details.
V-207329 Medium Exchange must not send delivery reports to remote domains.
V-207313 Medium Exchange Internal Receive connectors must not allow anonymous connections.
V-207314 Medium Exchange external/Internet-bound automated response messages must be disabled.
V-207315 Medium Exchange must have antispam filtering installed.
V-207316 Medium Exchange must have antispam filtering enabled.
V-207317 Medium Exchange must have antispam filtering configured.
V-207318 Medium Exchange must not send automated replies to remote domains.
V-207289 Medium Exchange internal Receive connectors must use Domain Security (mutual authentication Transport Layer Security).
V-207279 Medium Exchange must not send Customer Experience reports to Microsoft.
V-207278 Medium Exchange must protect audit data against unauthorized read access.
V-207271 Medium The Exchange Email Diagnostic log level must be set to the lowest level.
V-207270 Medium Exchange Connectivity logging must be enabled.
V-207277 Medium Exchange Send Fatal Errors to Microsoft must be disabled.
V-207276 Medium Exchange Queue monitoring must be configured with threshold and action.
V-207275 Medium Exchange Message Tracking Logging must be enabled.
V-207274 Medium Exchange Email Subject Line logging must be disabled.
V-207269 Medium Exchange auto-forwarding email to remote domains must be disabled or restricted.
V-207288 Medium Exchange internal Receive connectors must require encryption.
V-207282 Medium Exchange Audit data must be on separate partitions.
V-207283 Medium Exchange Local machine policy must require signed scripts.
V-207280 Medium Exchange must protect audit data against unauthorized access.
V-207281 Medium Exchange must protect audit data against unauthorized deletion.
V-207286 Medium Exchange Mailbox databases must reside on a dedicated partition.
V-207287 Medium Exchange Internet-facing Send connectors must specify a Smart Host.
V-207284 Medium The Exchange IMAP4 service must be disabled.
V-207285 Medium The Exchange POP3 service must be disabled.
V-207323 Medium The Exchange application directory must be protected from unauthorized access.
V-207325 Medium Exchange software must be monitored for unauthorized changes.
V-207324 Medium An Exchange software baseline copy must exist.
V-207327 Medium Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email.
V-207326 Medium Exchange services must be documented and unnecessary services must be removed or disabled.
V-207330 Medium Exchange must not send nondelivery reports to remote domains.
V-207268 Medium Exchange Servers must use approved DoD certificates.
V-207336 Medium A DoD-approved third party Exchange-aware malicious code protection application must be implemented.
V-207267 Medium Exchange must have Administrator audit logging enabled.
V-207328 Medium The Exchange Email application must not share a partition with another application.
V-207335 Medium The applications built-in Malware Agent must be disabled.
V-207332 Medium Exchange must provide Mailbox databases in a highly available and redundant configuration.
V-207333 Medium Exchange must have the most current, approved service pack installed.
V-207294 Low The Exchange Mailbox database must not be overwritten by a restore.
V-207297 Low Exchange Mail quota settings must not restrict receiving mail.
V-207292 Low The Exchange Public Folder database must not be overwritten by a restore.
V-207299 Low The Exchange Mail Store storage quota must issue a warning.
V-207298 Low Exchange Mail Quota settings must not restrict receiving mail.
V-207305 Low Exchange Send connectors must be clearly named.
V-207310 Low The Exchange global outbound message size must be controlled.
V-207311 Low The Exchange Outbound Connection Limit per Domain Count must be controlled.
V-207312 Low The Exchange Outbound Connection Timeout must be 10 minutes or less.
V-207273 Low Exchange Circular Logging must be disabled.
V-207272 Low Exchange Audit record parameters must be set.
V-207321 Low The Exchange Receive connector timeout must be limited.
V-207320 Low The Exchange Global Recipient Count Limit must be set.
V-207322 Low The Exchange Public Store storage quota must be limited.
V-207303 Low Exchange Receive connectors must be clearly named.
V-207302 Low Exchange Receive connectors must control the number of recipients per message.
V-207301 Low Exchange Message size restrictions must be controlled on Receive connectors.
V-207300 Low Exchange Mailbox Stores must mount at startup.
V-207307 Low Exchange Message size restrictions must be controlled on Send connectors.
V-207306 Low Exchange Send connectors delivery retries must be controlled.
V-207304 Low The Exchange Receive Connector Maximum Hop Count must be 60.
V-207309 Low The Exchange global inbound message size must be controlled.
V-207308 Low The Exchange Send connector connections count must be limited.
V-207334 Low Exchange Public Folder Stores must mount at startup.