Email application must not share a partition with another application.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33625	Exch-3-807	SV-44045r3_rule		Medium

Description
In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and subsequent exploit to one application can lead to an exploit of other applications sharing the same security context. For example, an exploit to a web server process that leads to unauthorized administrative access to the host system can most likely lead to a compromise of all applications hosted by the same system. Email services should be installed on a partition that does not host other applications. Email services should never be installed on a Domain Controller / Directory Services server.

Description

In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and subsequent exploit to one application can lead to an exploit of other applications sharing the same security context. For example, an exploit to a web server process that leads to unauthorized administrative access to the host system can most likely lead to a compromise of all applications hosted by the same system. Email services should be installed on a partition that does not host other applications. Email services should never be installed on a Domain Controller / Directory Services server.

STIG	Date
MS Exchange 2010 Edge Transport Server STIG	2019-03-21

Details

Check Text ( C-41732r3_chk )
Access Windows Explorer and identify the OS partition. Navigate to configured partitions, and access the ‘Program Files’ directory. Make note of the installation partition for Microsoft Exchange. If Microsoft Exchange resides on a partition other than that of the OS, and does not have other applications installed, this is not a finding. Note: In the case where additional applications are installed on the same partition as Microsoft Exchange, and each of those additional applications have been documented and had a risk assessment completed by the ISSO/ISSM, this is not a finding.

Check Text ( C-41732r3_chk )

Access Windows Explorer and identify the OS partition. Navigate to configured partitions, and access the ‘Program Files’ directory.

Make note of the installation partition for Microsoft Exchange.

If Microsoft Exchange resides on a partition other than that of the OS, and does not have other applications installed, this is not a finding.
Note: In the case where additional applications are installed on the same partition as Microsoft Exchange, and each of those additional applications have been documented and had a risk assessment completed by the ISSO/ISSM, this is not a finding.

Fix Text (F-37517r1_fix)
Install Exchange on a dedicated application partition separate than that of the OS.