| DISA_Microsoft_Exchange_2019_Edge_Server_STIG_v2r1.audit from DISA Microsoft Exchange 2019 Edge Server v2r1 STIG | |
| EX19-ED-000006 - SchUseStrongCrypto must be enabled. | ACCESS CONTROL |
| EX19-ED-000016 - Exchange servers must use approved DOD certificates. | ACCESS CONTROL |
| EX19-ED-000017 - Exchange must have accepted domains configured. | ACCESS CONTROL |
| EX19-ED-000019 - Exchange external Receive connectors must be domain secure-enabled. | ACCESS CONTROL |
| EX19-ED-000026 - The Exchange email diagnostic log level must be set to the lowest level. | AUDIT AND ACCOUNTABILITY |
| EX19-ED-000027 - Exchange connectivity logging must be enabled. | AUDIT AND ACCOUNTABILITY |
| EX19-ED-000034 - Exchange message tracking logging must be enabled. | AUDIT AND ACCOUNTABILITY |
| EX19-ED-000040 - Exchange queue monitoring must be configured with threshold and action. | AUDIT AND ACCOUNTABILITY |
| EX19-ED-000044 - Exchange audit data must be protected against unauthorized access (read access). | AUDIT AND ACCOUNTABILITY |
| EX19-ED-000045 - Exchange audit data must be protected against unauthorized access for modification. | AUDIT AND ACCOUNTABILITY |
| EX19-ED-000046 - Exchange audit data must be protected against unauthorized access for deletion. | AUDIT AND ACCOUNTABILITY |
| EX19-ED-000050 - Exchange audit data must be on separate partitions. | AUDIT AND ACCOUNTABILITY |
| EX19-ED-000053 - Exchange local machine policy must require signed scripts. | CONFIGURATION MANAGEMENT |
| EX19-ED-000055 - Exchange must not send customer experience reports to Microsoft. | CONFIGURATION MANAGEMENT |
| EX19-ED-000056 - Exchange Send Fatal Errors to Microsoft must be disabled. | CONFIGURATION MANAGEMENT |
| EX19-ED-000094 - Exchange queue database must reside on a dedicated partition. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000095 - Exchange internet-facing send connectors must specify a Smart Host. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000098 - Exchange internal send connectors must use domain security (mutual authentication Transport Layer Security). | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000099 - Exchange internet-facing receive connectors must offer Transport Layer Security (TLS) before using basic authentication. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000109 - More than one Edge server must be deployed. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000110 - Exchange Outbound Connection Timeout must be 10 minutes or less. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000111 - Exchange Outbound Connection limit per Domain Count must be controlled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000112 - Exchange receive connector maximum hop count must be 60. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000113 - Exchange receive connectors must control the number of recipients per message. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000114 - Exchange send connector connections count must be limited. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000115 - Exchange message size restrictions must be controlled on Send connectors. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000116 - Exchange send connectors delivery retries must be controlled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000117 - Exchange receive connectors must be clearly named. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000118 - Exchange receive connectors must control the number of recipients chunked on a single message. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000119 - The Exchange internet receive connector connections count must be set to default. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000120 - Exchange Message size restrictions must be controlled on receive connectors. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000122 - Active hyperlinks in messages from non .mil domains must be rendered unclickable. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000123 - Exchange messages with a blank sender field must be rejected. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000124 - Exchange messages with a blank sender field must be filtered. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000125 - Exchange filtered messages must be archived. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000126 - The Exchange sender filter must block unaccepted domains. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000127 - Exchange nonexistent recipients must not be blocked. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000128 - The Exchange Sender Reputation filter must be enabled. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000129 - The Exchange Sender Reputation filter must identify the spam block level. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000130 - Exchange Attachment filtering must remove undesirable attachments by file type. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000131 - The Exchange Spam Evaluation filter must be enabled. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000132 - The Exchange Block List service provider must be identified. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000133 - Exchange messages with a malformed From address must be rejected. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000134 - The Exchange Recipient filter must be enabled. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000135 - The Exchange tarpitting interval must be set. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000136 - Exchange internal Receive connectors must not allow anonymous connections. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000137 - Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000138 - The Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List Connection filter must be enabled. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000139 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. | SYSTEM AND INFORMATION INTEGRITY |
