MS Exchange 2013 Edge Transport Server Security Technical Implementation Guide


Overview

Date: 2017-01-04
Finding Count (72): CAT I (High): 4, CAT II (Med): 57, CAT III (Low): 11
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-69931 High Exchange internal Receive connectors must require encryption.
V-69927 High Exchange must provide redundancy.
V-69909 High Exchange must strip hyperlink email sources from non-.mil domains.
V-69933 High Exchange internal Send connectors must require encryption.
V-69937 Medium The application's built-in Malware Agent must be disabled.
V-69815 Medium Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security).
V-69913 Medium The Exchange software baseline copy must exist.
V-69817 Medium Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication.
V-69915 Medium Exchange software must be monitored for unauthorized changes.
V-69811 Medium The Exchange local machine policy must require signed scripts.
V-69917 Medium Exchange services must be documented and unnecessary services must be removed or disabled.
V-69813 Medium Exchange Internet-facing Send connectors must specify a Smart Host.
V-69919 Medium Exchange software must be installed on a separate partition from the OS.
V-69835 Medium Exchange Receive connector Maximum Hop Count must be 60.
V-69855 Medium Exchange Receive connectors must control the number of recipients per message.
V-69939 Medium A DoD-approved third party Exchange-aware malicious code protection application must be implemented.
V-69935 Medium Exchange must have the most current, approved service pack installed.
V-69795 Medium Exchange Connectivity logging must be enabled.
V-69803 Medium Exchange Send Fatal Errors to Microsoft must be disabled.
V-69807 Medium Exchange audit data must be protected against unauthorized access for deletion.
V-69789 Medium Exchange must have auto-forwarding of email to remote domains disabled or restricted.
V-69785 Medium Exchange servers must use approved DoD certificates.
V-69787 Medium Exchange must have accepted domains configured.
V-69865 Medium Exchange filtered messages must be archived.
V-69867 Medium The Exchange Sender filter must block unaccepted domains.
V-69861 Medium Exchange messages with a blank sender field must be rejected.
V-69863 Medium Exchange messages with a blank sender field must be filtered.
V-69887 Medium Exchange external/Internet-bound automated response messages must be disabled.
V-69885 Medium Exchange must not send automated replies to remote domains.
V-69869 Medium Exchange nonexistent recipients must not be blocked.
V-69881 Medium Exchange messages with malformed From address must be rejected.
V-69923 Medium Exchange must not send nondelivery reports to remote domains.
V-69821 Medium Exchange Outbound Connection Limit per Domain Count must be controlled.
V-69925 Medium Exchange must not send delivery reports to remote domains.
V-69921 Medium The Exchange SMTP automated banner response must not reveal server details.
V-69907 Medium Exchange Sender Identification Framework must be enabled.
V-69905 Medium Exchange must have antispam filtering configured.
V-69903 Medium Exchange must have antispam filtering enabled.
V-69809 Medium Exchange audit data must be on separate partitions.
V-69819 Medium Exchange Outbound Connection Timeout must be 10 minutes or less.
V-69801 Medium Exchange Audit data must be protected against unauthorized access (read access).
V-69877 Medium The Exchange Spam Evaluation filter must be enabled.
V-69901 Medium Exchange must have antispam filtering installed.
V-69799 Medium Exchange must not send Customer Experience reports to Microsoft.
V-69879 Medium The Exchange Block List service provider must be identified.
V-69805 Medium Exchange audit data must be protected against unauthorized access for modification.
V-69793 Medium The Exchange email Diagnostic log level must be set to the lowest level.
V-69889 Medium The Exchange Recipient filter must be enabled.
V-69891 Medium The Exchange tarpitting interval must be set.
V-69797 Medium Exchange Queue monitoring must be configured with threshold and action.
V-69929 Medium Exchange internal Send connectors must use an authentication level.
V-69895 Medium Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty.
V-69873 Medium The Exchange Sender Reputation filter must identify the spam block level.
V-69871 Medium The Exchange Sender Reputation filter must be enabled.
V-69899 Medium The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled.
V-69875 Medium Exchange Attachment filtering must remove undesirable attachments by file type.
V-69783 Medium Exchange must limit the Receive connector timeout.
V-69911 Medium The Exchange application directory must be protected from unauthorized access.
V-69897 Medium The Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List Connection filter must be enabled.
V-69791 Medium Exchange external Receive connectors must be domain secure-enabled.
V-69893 Medium Exchange internal Receive connectors must not allow anonymous connections.
V-69837 Low Exchange Receive connectors must be clearly named.
V-69831 Low Exchange Send connectors delivery retries must be controlled.
V-69859 Low Exchange Message size restrictions must be controlled on Receive connectors.
V-69839 Low Exchange Receive connectors must control the number of recipients chunked on a single message.
V-69823 Low Exchange Global Outbound Message size must be controlled.
V-69825 Low Exchange Global Inbound Message size must be controlled.
V-69827 Low Exchange Send connector connections count must be limited.
V-69829 Low Exchange message size restrictions must be controlled on Send connectors.
V-69857 Low The Exchange Internet Receive connector connections count must be set to default.
V-69833 Low Exchange Send connectors must be clearly named.
V-69883 Low The Exchange Global Recipient Count Limit must be set.