The Exchange email application must not share a partition with another application.

Quick Actions

We are continuing to improve Stigviewer and we are planning on rolling out new services in the near future. Would you like to be part of the conversation on what those features should be? If so, click here.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-259704	EX19-MB-000229	SV-259704r961608_rule		Medium

Description

In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and subsequent exploit to one application can lead to an exploit of other applications sharing the same security context. For example, an exploit to a web server process that leads to unauthorized administrative access to the host system can most likely lead to a compromise of all applications hosted by the same system. Email services should be installed on a partition that does not host other applications. Email services should never be installed on a Domain Controller/Directory Services server.

STIG	Date
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide	2024-08-22

Details

Check Text (C-63443r942424_chk)

Review the Email Domain Security Plan (EDSP).

Determine if the directory Exchange is installed:

1. Open Windows Explorer.
2. Navigate to where Exchange is installed.

If Exchange resides on a directory or partition other than that of the operating system and does not have other applications installed (unless approved by the Information System Security Officer [ISSO]), this is not a finding.

Fix Text (F-63351r942425_fix)

Update the EDSP with the location of where Exchange is installed.

Install Exchange on a dedicated application directory or partition separate than that of the operating system.

STIG VIEWER