Exchange must strip hyperlink email sources from non-.mil domains.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-69909	EX13-EG-000285	SV-84531r1_rule		High

Description
Active hyperlinks within an email are susceptible to attacks of malicious software or malware. The hyperlink could lead to a malware infection or redirect the website to another fraudulent website without the user's consent or knowledge. Exchange does not have a built-in message filtering capability. DoD Enterprise Email (DEE) has created a custom resolution to filter messages from non-.mil users that have hyperlinks in the message body. The hyperlink within the messages will be modified, preventing end users from automatically clicking links.

Description

Active hyperlinks within an email are susceptible to attacks of malicious software or malware. The hyperlink could lead to a malware infection or redirect the website to another fraudulent website without the user's consent or knowledge. Exchange does not have a built-in message filtering capability. DoD Enterprise Email (DEE) has created a custom resolution to filter messages from non-.mil users that have hyperlinks in the message body. The hyperlink within the messages will be modified, preventing end users from automatically clicking links.

STIG	Date
MS Exchange 2013 Edge Transport Server Security Technical Implementation Guide	2017-01-04

Details

Check Text ( C-70377r1_chk )
Note: If using another DoD-approved antispam product for email or a DoD-approved Email Gateway spamming device, such as Enterprise Email Security Gateway (EEMSG), this is not applicable. Review the Email Domain Security Plan (EDSP). Determine the name of the Transport Agent. Open the Windows PowerShell console and enter the following command: Get-TransportAgent -Name 'customAgent' \| FL If the value does not return customAgent, this is a finding. Note: customAgent is the name of the custom agent developed to strip hyperlink email sources from non .mil domains and must be in quotes.

Check Text ( C-70377r1_chk )

Note: If using another DoD-approved antispam product for email or a DoD-approved Email Gateway spamming device, such as Enterprise Email Security Gateway (EEMSG), this is not applicable.

Review the Email Domain Security Plan (EDSP).

Determine the name of the Transport Agent.

Open the Windows PowerShell console and enter the following command:

Get-TransportAgent -Name 'customAgent' | FL

If the value does not return customAgent, this is a finding.

Note: customAgent is the name of the custom agent developed to strip hyperlink email sources from non .mil domains and must be in quotes.

Fix Text (F-76139r1_fix)
Update the EDSP. Contact the DISA Enterprise Email Service Desk at disa.tinker.eis.mbx.dod-enterprise-services-service-desk@mail.mil and request the Agent and installation procedures. or Contact DEE Engineering PMO and request the Agent and installation procedures.