The Exchange Public Store storage quota must be limited.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-70051	EX13-MB-000280	SV-84673r1_rule		Low

Description
This setting controls the maximum sizes of a public folder and the system’s response if these limits are exceeded. There are two available controls and the system response when the quota has been exceeded. The first control sends an email warning to Folder Owners roles, alerting them that the folder has exceeded its quota. The second level prevents posting any additional items to the folder. As a practical matter, Level 1 serves the purpose of prompting owners to manage their folders. Level 2 impedes users in their ability to work and is not required where folder use interruption is not acceptable. Public Folder Storage Quota Limitations are not a substitute for overall disk space monitoring.

Description

This setting controls the maximum sizes of a public folder and the system’s response if these limits are exceeded. There are two available controls and the system response when the quota has been exceeded. The first control sends an email warning to Folder Owners roles, alerting them that the folder has exceeded its quota. The second level prevents posting any additional items to the folder. As a practical matter, Level 1 serves the purpose of prompting owners to manage their folders. Level 2 impedes users in their ability to work and is not required where folder use interruption is not acceptable. Public Folder Storage Quota Limitations are not a substitute for overall disk space monitoring.

STIG	Date
MS Exchange 2013 Mailbox Server Security Technical Implementation Guide	2019-12-23

Details

Check Text ( C-70525r1_chk )
If public folders are not used, this check is not applicable. Review the Email Domain Security Plan (EDSP). Determine the value for ProhibitPostQuota. Open the Exchange Management Shell and enter the following command: Get-PublicFolderDatabase \| Select Name, Identity, ProhibitPostQuota If the value of ProhibitPostQuota is not set to the ProhibitPostQuota values documented in the EDSP, this is a finding.

Check Text ( C-70525r1_chk )

If public folders are not used, this check is not applicable.

Review the Email Domain Security Plan (EDSP).

Determine the value for ProhibitPostQuota.

Open the Exchange Management Shell and enter the following command:

Get-PublicFolderDatabase | Select Name, Identity, ProhibitPostQuota

If the value of ProhibitPostQuota is not set to the ProhibitPostQuota values documented in the EDSP, this is a finding.

Fix Text (F-76287r1_fix)
Update the EDSP. Open the Exchange Management Shell and enter the following command: Set-PublicFolderDatabase -Identity <'IdentityName'> -ProhibitPostQuota <'QuotaLimit'> Note: The and values must be in quotes.