Detections
Analytics

CIS Microsoft Exchange Server 2013 CAS v1.1.0

Audit Details

Name: CIS Microsoft Exchange Server 2013 CAS v1.1.0

Updated: 6/17/2024

Authority: CIS

Plugin: Windows

Revision: 1.12

Estimated Item Count: 20

File Details

Filename: CIS_Microsoft_Exchange_Server_2013_Level_1_CAS_v1.1.0.audit

Size: 34.2 kB

MD5: 78a8ae8d9d6d58d9b70a026dc571404c
SHA256: 94a4e221884d454aa8dcc5ebea6ad4ba35e52033cb50c0f4f76ef79cec9948fa

Audit Items

DescriptionCategories
1.9 Set 'Configure login authentication for POP3' to 'SecureLogin'

IDENTIFICATION AND AUTHENTICATION

1.15 Set 'Configure login authentication for IMAP4' to 'SecureLogin'

IDENTIFICATION AND AUTHENTICATION

2.6 Set 'Allow simple passwords' to 'False'

IDENTIFICATION AND AUTHENTICATION

2.7 Set 'Enforce Password History' to '4' or greater

IDENTIFICATION AND AUTHENTICATION

2.8 Set 'Password Expiration' to '90' or less

IDENTIFICATION AND AUTHENTICATION

2.9 Set 'Minimum password length' to '4' or greater

IDENTIFICATION AND AUTHENTICATION

2.11 Set 'Refresh interval' to '1'

ACCESS CONTROL

2.15 Set 'Allow unmanaged devices' to 'False'

ACCESS CONTROL

2.16 Set 'Require encryption on device' to 'True'

ACCESS CONTROL

2.17 Set 'Time without user input before password must be re-entered' to '15'

ACCESS CONTROL

2.18 Set 'Require alphanumeric password' to 'True'

IDENTIFICATION AND AUTHENTICATION

2.19 Set 'Require client MAPI encryption' to 'True'

SYSTEM AND COMMUNICATIONS PROTECTION

2.20 Set 'Number of attempts allowed' to '10'

ACCESS CONTROL

2.21 Set 'Require password' to 'True'

ACCESS CONTROL

3.2 Set 'Require Client Certificates' to 'Required'
3.4 Set 'Turn on Administrator Audit Logging' to 'True'

AUDIT AND ACCOUNTABILITY

3.6 Set 'Allow basic authentication' to 'False'

IDENTIFICATION AND AUTHENTICATION

3.10 Set 'Enable S/MIME for OWA 2010' to 'True'

SYSTEM AND COMMUNICATIONS PROTECTION

Authentication Failure
CIS_Microsoft_Exchange_Server_2013_Level_1_CAS_v1.1.0.audit from CIS Microsoft Exchange Server 2013 v1.1.0 Benchmark

SYSTEM AND INFORMATION INTEGRITY