Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18742 | EMG3-802 Exch2K3 | SV-20427r1_rule | DCSP-1 | Medium |
Description |
---|
The Security Support Structure is a security control function or service provided by an external system or application. For example, a Windows Domain Controller that provides Identification and Authentication Services (Active Directory) may be at risk of compromise if a co-resident application becomes compromised. The attacker can then use another system to control access to other parts of the domain. The vulnerabilities and associated risk of Exchange 2003 installed on a system that provides a security support structure are significantly higher than when it is installed with other functions that do not provide security support. For this reason, applications such as Exchange 2003 should never be co-resident on a server with Active Directory. |
STIG | Date |
---|---|
Microsoft Exchange Server 2003 | 2014-08-19 |
Check Text ( C-22464r1_chk ) |
---|
Review documentation and the E-mail host servers. Procedure: Interview the E-mail Administrator or the IAO. Access System Security Plan documentation and the server being reviewed. Verify that Exchange 2003 is not installed on a Domain Controller or other Directory Services server. Criteria: If the Exchange E-mail application is installed on a server that is separate from domain security services, this is not a finding. |
Fix Text (F-19392r1_fix) |
---|
Procedure: Install the Exchange 2003 application on a dedicated host system. |
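
The server-side part of the check text above can be backed with scripted evidence. The following is an added example, not part of the STIG: it assumes PowerShell 2.0 or later with WMI access to the host, and it assumes the three core Exchange 2003 service names listed in the script are a sufficient indicator that Exchange is installed. It covers Active Directory domain controllers only; "other Directory Services" roles and the System Security Plan review still need the manual procedure.

```powershell
# Added example: evidence collection for V-18742 (Exchange 2003 co-resident with AD).
# $ComputerName is a hypothetical parameter; '.' means the local host.
param([string]$ComputerName = '.')

# Win32_ComputerSystem.DomainRole: 0-3 = workstation/member/standalone server,
# 4 = backup domain controller, 5 = primary domain controller.
$cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $ComputerName
$isDomainController = ($cs.DomainRole -ge 4)

# The NTDS service is present on hosts running Active Directory Domain Services;
# used here as a second, independent indicator of the directory role.
$ntds = Get-WmiObject -Class Win32_Service -ComputerName $ComputerName -Filter "Name='NTDS'"

# Assumption: System Attendant, Information Store and MTA Stacks identify
# an Exchange 2003 installation on this host.
$exchangeServiceNames = 'MSExchangeSA', 'MSExchangeIS', 'MSExchangeMTA'
$exchangeServices = @(Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
    Where-Object { $exchangeServiceNames -contains $_.Name })

$exchangePresent  = ($exchangeServices.Count -gt 0)
$directoryPresent = ($isDomainController -or ($ntds -ne $null))

# Finding only when both roles share the same host.
if ($exchangePresent -and $directoryPresent) {
    $status = 'Finding'
} else {
    $status = 'Not a finding'
}

# Emit one record per host so results can be collected across servers.
New-Object PSObject -Property @{
    FindingId        = 'V-18742'
    Host             = $cs.Name
    DomainRole       = $cs.DomainRole
    NtdsService      = ($ntds -ne $null)
    ExchangeServices = (($exchangeServices | ForEach-Object { $_.Name }) -join ', ')
    Status           = $status
}
```

A `Status` of `Finding` means the host should be remediated per the fix text by moving Exchange 2003 to a dedicated server.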