The Exchange local machine policy must require signed scripts.

Quick Actions

We are continuing to improve Stigviewer and we are planning on rolling out new services in the near future. Would you like to be part of the conversation on what those features should be? If so, click here.

Featured Partners

Web page built by Cyber Protection Services

Check out our new AI-powered GRC tool here .
Compliance Dictionary

Standardizes and unifies compliance terms.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-221216	EX16-ED-000150	SV-221216r960954_rule		Medium

Description

Scripts, especially those downloaded from untrusted locations, often provide a way for attackers to infiltrate a system. By setting machine policy to prevent unauthorized script executions, unanticipated system impacts can be avoided.

STIG	Date
Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide	2024-12-06

Details

Check Text (C-22931r411774_chk)

Open the Exchange Management Shell and enter the following command:

Get-ExecutionPolicy

If the value returned is not "RemoteSigned", this is a finding.

Fix Text (F-22920r411775_fix)

Open the Exchange Management Shell and enter the following command:

Set-ExecutionPolicy RemoteSigned

STIG VIEWER