UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Exchange Mailbox databases must reside on a dedicated partition.


Overview

Finding ID Version Rule ID IA Controls Severity
V-228373 EX16-MB-000200 SV-228373r612748_rule Medium
Description
In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and subsequent exploit to one application can lead to an exploit of other applications sharing the same security context. For example, an exploit to a web server process that leads to unauthorized administrative access to the host system can most likely lead to a compromise of all applications hosted by the same system. Email services should be installed to a discrete set of directories on a partition that does not host other applications. Email services should never be installed on a Domain Controller/Directory Services server.
STIG Date
Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide 2020-12-10

Details

Check Text ( C-30606r496915_chk )
Review the Email Domain Security Plan (EDSP) or document that contains this information.

Determine the location where the Exchange Mailbox databases reside.

Open the Exchange Management Shell and enter the following command:

Get-MailboxDatabase | Select Name, Identity, EdbFilePath

Open Windows Explorer, navigate to the mailbox databases, and verify they are on a dedicated partition.

If the mailbox databases are not on a dedicated partition, this is a finding.
Fix Text (F-30591r496916_fix)
Update the EDSP to specify the location where the Exchange Mailbox databases reside or verify that this information is documented by the organization.

Configure the mailbox databases on a dedicated partition.