UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Exchange must have Administrator audit logging enabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-69941 EX13-MB-000005 SV-84563r1_rule Medium
Description
Unauthorized or malicious data changes can compromise the integrity and usefulness of the data. Automated attacks or malicious users with elevated privileges have the ability to effect change using the same mechanisms as email administrators. Auditing changes to access mechanisms not only supports accountability and nonrepudiation for those authorized to define the environment but also enables investigation of changes made by others who may not be authorized. Note: This administrator auditing feature audits all exchange changes regardless of the users' assigned role or permissions.
STIG Date
MS Exchange 2013 Mailbox Server Security Technical Implementation Guide 2017-04-06

Details

Check Text ( C-70411r1_chk )
Open the Exchange Management Shell and enter the following command:

Get-AdminAuditLogConfig | Select Name, AdminAuditLogEnabled

If the value of AdminAuditLogEnabled is not set to True, this is a finding.
Fix Text (F-76173r1_fix)
Open the Exchange Management Shell and enter the following command:

Set-AdminAuditLogConfig -AdminAuditLogEnabled $true