Exchange software must be monitored for unauthorized changes.

Quick Actions

We are continuing to improve Stigviewer and we are planning on rolling out new services in the near future. Would you like to be part of the conversation on what those features should be? If so, click here.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-259701	EX19-MB-000197	SV-259701r1015279_rule		Medium

Description

Monitoring software files for changes against a baseline on a regular basis may help detect the possible introduction of malicious code on a system.

STIG	Date
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide	2024-08-22

Details

Check Text (C-63440r942415_chk)

Review the Email Domain Security Plan (EDSP).

Determine whether the site monitors system files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) on servers for unauthorized changes against a baseline on a weekly basis.

If software files are not monitored for unauthorized changes, this is a finding.

Note: An approved and properly configured solution will contain both a list of baselines that includes all system file locations and a file comparison task that is scheduled to run at least weekly.

Fix Text (F-63348r942416_fix)

Update the EDSP to specify that the organization monitors system files on servers for unauthorized changes against a baseline on a weekly basis or verify that this information is documented by the organization.

Monitor the software files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) on Exchange servers for unauthorized changes against a baseline on a weekly basis.

Note: This can be done with the use of various monitoring tools.

STIG VIEWER