Detections
Analytics

Revision 1.1

Dec 11, 2024
Miscellaneous
  • Metadata updated.
  • Platform check updated.
Added
  • DISA_Microsoft_Exchange_2019_Edge_Server_STIG_v2r1.audit from DISA Microsoft Exchange 2019 Edge Server v2r1 STIG
  • EX19-ED-000006 - SchUseStrongCrypto must be enabled.
  • EX19-ED-000016 - Exchange servers must use approved DOD certificates.
  • EX19-ED-000017 - Exchange must have accepted domains configured.
  • EX19-ED-000019 - Exchange external Receive connectors must be domain secure-enabled.
  • EX19-ED-000026 - The Exchange email diagnostic log level must be set to the lowest level.
  • EX19-ED-000027 - Exchange connectivity logging must be enabled.
  • EX19-ED-000034 - Exchange message tracking logging must be enabled.
  • EX19-ED-000040 - Exchange queue monitoring must be configured with threshold and action.
  • EX19-ED-000044 - Exchange audit data must be protected against unauthorized access (read access).
  • EX19-ED-000045 - Exchange audit data must be protected against unauthorized access for modification.
  • EX19-ED-000046 - Exchange audit data must be protected against unauthorized access for deletion.
  • EX19-ED-000050 - Exchange audit data must be on separate partitions.
  • EX19-ED-000053 - Exchange local machine policy must require signed scripts.
  • EX19-ED-000055 - Exchange must not send customer experience reports to Microsoft.
  • EX19-ED-000056 - Exchange Send Fatal Errors to Microsoft must be disabled.
  • EX19-ED-000094 - Exchange queue database must reside on a dedicated partition.
  • EX19-ED-000095 - Exchange internet-facing send connectors must specify a Smart Host.
  • EX19-ED-000098 - Exchange internal send connectors must use domain security (mutual authentication Transport Layer Security).
  • EX19-ED-000099 - Exchange internet-facing receive connectors must offer Transport Layer Security (TLS) before using basic authentication.
  • EX19-ED-000109 - More than one Edge server must be deployed.
  • EX19-ED-000110 - Exchange Outbound Connection Timeout must be 10 minutes or less.
  • EX19-ED-000111 - Exchange Outbound Connection limit per Domain Count must be controlled.
  • EX19-ED-000112 - Exchange receive connector maximum hop count must be 60.
  • EX19-ED-000113 - Exchange receive connectors must control the number of recipients per message.
  • EX19-ED-000114 - Exchange send connector connections count must be limited.
  • EX19-ED-000115 - Exchange message size restrictions must be controlled on Send connectors.
  • EX19-ED-000116 - Exchange send connectors delivery retries must be controlled.
  • EX19-ED-000117 - Exchange receive connectors must be clearly named.
  • EX19-ED-000118 - Exchange receive connectors must control the number of recipients chunked on a single message.
  • EX19-ED-000119 - The Exchange internet receive connector connections count must be set to default.
  • EX19-ED-000120 - Exchange Message size restrictions must be controlled on receive connectors.
  • EX19-ED-000122 - Active hyperlinks in messages from non .mil domains must be rendered unclickable.
  • EX19-ED-000123 - Exchange messages with a blank sender field must be rejected.
  • EX19-ED-000124 - Exchange messages with a blank sender field must be filtered.
  • EX19-ED-000125 - Exchange filtered messages must be archived.
  • EX19-ED-000126 - The Exchange sender filter must block unaccepted domains.
  • EX19-ED-000127 - Exchange nonexistent recipients must not be blocked.
  • EX19-ED-000128 - The Exchange Sender Reputation filter must be enabled.
  • EX19-ED-000129 - The Exchange Sender Reputation filter must identify the spam block level.
  • EX19-ED-000130 - Exchange Attachment filtering must remove undesirable attachments by file type.
  • EX19-ED-000131 - The Exchange Spam Evaluation filter must be enabled.
  • EX19-ED-000132 - The Exchange Block List service provider must be identified.
  • EX19-ED-000133 - Exchange messages with a malformed From address must be rejected.
  • EX19-ED-000134 - The Exchange Recipient filter must be enabled.
  • EX19-ED-000135 - The Exchange tarpitting interval must be set.
  • EX19-ED-000136 - Exchange internal Receive connectors must not allow anonymous connections.
  • EX19-ED-000137 - Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty.
  • EX19-ED-000138 - The Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List Connection filter must be enabled.
  • EX19-ED-000139 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled.
  • EX19-ED-000140 - Exchange must have anti-spam filtering installed.
  • EX19-ED-000141 - Exchange must have anti-spam filtering enabled.
  • EX19-ED-000142 - Exchange must have anti-spam filtering configured.
  • EX19-ED-000143 - Exchange Sender Identification Framework must be enabled.
  • EX19-ED-000159 - Exchange must limit the Receive connector timeout.
  • EX19-ED-000174 - Role-Based Access Control must be defined for privileged and nonprivileged users.
  • EX19-ED-000195 - The Exchange application directory must be protected from unauthorized access.
  • EX19-ED-000197 - The Exchange software baseline copy must exist.
  • EX19-ED-000198 - The Exchange local machine policy must require signed scripts.
  • EX19-ED-000199 - Exchange services must be documented, and unnecessary services must be removed or disabled.
  • EX19-ED-000224 - The Exchange Edge server must point to a trusted list of DNS servers for external and internal resolution.
  • EX19-ED-000230 - Exchange software must be installed on a separate partition from the OS.
  • EX19-ED-000231 - The Exchange SMTP automated banner response must not reveal server details.
  • EX19-ED-000232 - Exchange internal Send connectors must use an authentication level.
  • EX19-ED-000234 - Exchange must provide redundancy.
  • EX19-ED-000235 - Exchange internal Receive connectors must require encryption.
  • EX19-ED-000236 - Exchange internal Send connectors must require encryption.
  • EX19-ED-000238 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable.
  • EX19-ED-000244 - Exchange must have the most current, approved Cumulative Update (CU) installed.
Removed
  • DISA_STIG_Microsoft_Exchange_2019_Edge_Transport_Server_v2r1.audit from DISA Microsoft Exchange 2019 Edge Transport Server v2r1 STIG
  • EX19-ED-000006 SchUseStrongCrypto must be enabled.
  • EX19-ED-000016 Exchange servers must use approved DOD certificates.
  • EX19-ED-000017 Exchange must have accepted domains configured.
  • EX19-ED-000019 Exchange external Receive connectors must be domain secure-enabled.
  • EX19-ED-000026 The Exchange email diagnostic log level must be set to the lowest level.
  • EX19-ED-000027 Exchange connectivity logging must be enabled.
  • EX19-ED-000034 Exchange message tracking logging must be enabled.
  • EX19-ED-000040 Exchange queue monitoring must be configured with threshold and action.
  • EX19-ED-000044 Exchange audit data must be protected against unauthorized access (read access).
  • EX19-ED-000045 Exchange audit data must be protected against unauthorized access for modification.
  • EX19-ED-000046 Exchange audit data must be protected against unauthorized access for deletion.
  • EX19-ED-000050 Exchange audit data must be on separate partitions.
  • EX19-ED-000053 Exchange local machine policy must require signed scripts.
  • EX19-ED-000055 Exchange must not send customer experience reports to Microsoft.
  • EX19-ED-000056 Exchange Send Fatal Errors to Microsoft must be disabled.
  • EX19-ED-000094 Exchange queue database must reside on a dedicated partition.
  • EX19-ED-000095 Exchange internet-facing send connectors must specify a Smart Host.
  • EX19-ED-000098 Exchange internal send connectors must use domain security (mutual authentication Transport Layer Security).
  • EX19-ED-000099 Exchange internet-facing receive connectors must offer Transport Layer Security (TLS) before using basic authentication.
  • EX19-ED-000109 More than one Edge server must be deployed.
  • EX19-ED-000110 Exchange Outbound Connection Timeout must be 10 minutes or less.
  • EX19-ED-000111 Exchange Outbound Connection limit per Domain Count must be controlled.
  • EX19-ED-000112 Exchange receive connector maximum hop count must be 60.
  • EX19-ED-000113 Exchange receive connectors must control the number of recipients per message.
  • EX19-ED-000114 Exchange send connector connections count must be limited.
  • EX19-ED-000115 Exchange message size restrictions must be controlled on Send connectors.
  • EX19-ED-000116 Exchange send connectors delivery retries must be controlled.
  • EX19-ED-000117 Exchange receive connectors must be clearly named.
  • EX19-ED-000118 Exchange receive connectors must control the number of recipients chunked on a single message.
  • EX19-ED-000119 The Exchange internet receive connector connections count must be set to default.
  • EX19-ED-000120 Exchange Message size restrictions must be controlled on receive connectors.
  • EX19-ED-000122 Active hyperlinks in messages from non .mil domains must be rendered unclickable.
  • EX19-ED-000123 Exchange messages with a blank sender field must be rejected.
  • EX19-ED-000124 Exchange messages with a blank sender field must be filtered.
  • EX19-ED-000125 Exchange filtered messages must be archived.
  • EX19-ED-000126 The Exchange sender filter must block unaccepted domains.
  • EX19-ED-000127 Exchange nonexistent recipients must not be blocked.
  • EX19-ED-000128 The Exchange Sender Reputation filter must be enabled.
  • EX19-ED-000129 The Exchange Sender Reputation filter must identify the spam block level.
  • EX19-ED-000130 Exchange Attachment filtering must remove undesirable attachments by file type.
  • EX19-ED-000131 The Exchange Spam Evaluation filter must be enabled.
  • EX19-ED-000132 The Exchange Block List service provider must be identified.
  • EX19-ED-000133 Exchange messages with a malformed From address must be rejected.
  • EX19-ED-000134 The Exchange Recipient filter must be enabled.
  • EX19-ED-000135 The Exchange tarpitting interval must be set.
  • EX19-ED-000136 Exchange internal Receive connectors must not allow anonymous connections.
  • EX19-ED-000137 Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty.
  • EX19-ED-000138 The Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List Connection filter must be enabled.
  • EX19-ED-000139 The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled.
  • EX19-ED-000140 Exchange must have anti-spam filtering installed.
  • EX19-ED-000141 Exchange must have anti-spam filtering enabled.
  • EX19-ED-000142 Exchange must have anti-spam filtering configured.
  • EX19-ED-000143 Exchange Sender Identification Framework must be enabled.
  • EX19-ED-000159 Exchange must limit the Receive connector timeout.
  • EX19-ED-000174 Role-Based Access Control must be defined for privileged and nonprivileged users.
  • EX19-ED-000195 The Exchange application directory must be protected from unauthorized access.
  • EX19-ED-000197 The Exchange software baseline copy must exist.
  • EX19-ED-000198 The Exchange local machine policy must require signed scripts.
  • EX19-ED-000199 Exchange services must be documented, and unnecessary services must be removed or disabled.
  • EX19-ED-000224 The Exchange Edge server must point to a trusted list of DNS servers for external and internal resolution.
  • EX19-ED-000230 Exchange software must be installed on a separate partition from the OS.
  • EX19-ED-000231 The Exchange SMTP automated banner response must not reveal server details.
  • EX19-ED-000232 Exchange internal Send connectors must use an authentication level.
  • EX19-ED-000234 Exchange must provide redundancy.
  • EX19-ED-000235 Exchange internal Receive connectors must require encryption.
  • EX19-ED-000236 Exchange internal Send connectors must require encryption.
  • EX19-ED-000238 Exchange must render hyperlinks from email sources from non-.mil domains as unclickable.
  • EX19-ED-000244 Exchange must have the most current, approved Cumulative Update (CU) installed.