Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Exchange must provide Mailbox databases in a highly available and redundant configuration.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-228410 | EX16-MB-000670 | SV-228410r612748_rule | Medium |
| Description |
|---|
| Exchange Server mailbox databases and any data contained in those mailboxes should be protected. This can be accomplished by configuring Mailbox servers and databases for high availability and site resilience. A database availability group (DAG) is a component of the Mailbox server high availability and site resilience framework built into Microsoft Exchange Server 2016. A DAG is a group of Mailbox servers that hosts a set of databases and provides automatic database-level recovery from failures that affect individual servers or databases. A DAG is a boundary for mailbox database replication and database and server switchovers and failovers. Any server in a DAG can host a copy of a mailbox database from any other server in the DAG. When a server is added to a DAG, it works with the other servers in the DAG to provide automatic recovery from failures that affect mailbox databases, such as a disk, server, or network failure. |
| STIG | Date |
|---|---|
| Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide | 2021-03-25 |
Details
| Check Text ( C-30643r497026_chk ) |
|---|
| Review the Email Domain Security Plan (EDSP). Determine if the Exchange Mailbox databases are using redundancy. Open an Exchange Admin Center. Navigate to and select Microsoft Exchange >> Microsoft Exchange On - Premises In the right pane, if two or more Mailbox servers are not listed, this is a finding. |
| Fix Text (F-30628r497027_fix) |
|---|
| Update the EDSP to specify how Exchange Mailbox databases use redundancy. Add two or more Mailbox servers to the database availability group. |