Detections
Analytics

DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1

Updated: 12/11/2024

Authority: DISA STIG

Plugin: Windows

Revision: 1.1

Estimated Item Count: 69

File Details

Filename: DISA_Microsoft_Exchange_2019_Mailbox_Server_STIG_v2r1.audit

Size: 142 kB

MD5: 0036ccc45643cb67a3d8ca6c20377270
SHA256: 7216a58ca20c1128afd65756367d8755de0b1698d77cdd94174c97bdc0ed3733

Audit Items

DescriptionCategories
DISA_Microsoft_Exchange_2019_Mailbox_Server_STIG_v2r1.audit from DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1
EX19-MB-000006 Exchange must use encryption for RPC client access.
EX19-MB-000007 Exchange must use encryption for Outlook Web App (OWA) access.
EX19-MB-000008 Exchange must have forms-based authentication enabled.
EX19-MB-000016 Exchange must have administrator audit logging enabled.
EX19-MB-000019 Exchange servers must use approved DOD certificates.
EX19-MB-000020 Exchange must have authenticated access set to integrated Windows authentication only.
EX19-MB-000021 Exchange auto-forwarding email to remote domains must be disabled or restricted.
EX19-MB-000031 Exchange connectivity logging must be enabled.
EX19-MB-000032 The Exchange email diagnostic log level must be set to the lowest level.
EX19-MB-000033 Exchange audit record parameters must be set.
EX19-MB-000034 The RBAC role for audit log management must be defined and restricted.
EX19-MB-000040 Exchange email subject line logging must be disabled.
EX19-MB-000041 Exchange message tracking logging must be enabled.
EX19-MB-000042 Exchange circular logging must be disabled.
EX19-MB-000048 Exchange queue monitoring must be configured with threshold and action.
EX19-MB-000052 Exchange must protect audit data against unauthorized read access.
EX19-MB-000053 Exchange must protect audit data against unauthorized access.
EX19-MB-000054 Exchange must protect audit data against unauthorized deletion.
EX19-MB-000058 Exchange audit data must be on separate partitions.
EX19-MB-000061 Exchange local machine policy must require signed scripts.
EX19-MB-000063 Exchange Send Fatal Errors to Microsoft must be disabled.
EX19-MB-000064 Exchange must not send customer experience reports to Microsoft.
EX19-MB-000065 The Exchange Internet Message Access Protocol 4 (IMAP4) service must be disabled.
EX19-MB-000066 The Exchange Post Office Protocol 3 (POP3) service must be disabled.
EX19-MB-000105 Exchange Mailbox databases must reside on a dedicated partition.
EX19-MB-000106 Exchange internet-facing send connectors must specify a smart host.
EX19-MB-000115 Exchange mailboxes must be retained until backups are complete.
EX19-MB-000116 Exchange email forwarding must be restricted.
EX19-MB-000117 Exchange email-forwarding SMTP domains must be restricted.
EX19-MB-000121 Exchange mailbox stores must mount at startup.
EX19-MB-000122 Exchange mail quota settings must not restrict receiving mail.
EX19-MB-000123 Exchange mail quota settings must not restrict sending mail.
EX19-MB-000124 Exchange Message size restrictions must be controlled on Receive connectors.
EX19-MB-000125 The Exchange Receive Connector Maximum Hop Count must be 60.
EX19-MB-000126 The Exchange send connector connections count must be limited.
EX19-MB-000127 Exchange receive connectors must control the number of recipients per message.
EX19-MB-000128 Exchange message size restrictions must be controlled on send connectors.
EX19-MB-000129 The Exchange global inbound message size must be controlled.
EX19-MB-000130 The Exchange global outbound message size must be controlled.
EX19-MB-000131 The Exchange Outbound Connection Limit per Domain Count must be controlled.
EX19-MB-000132 The Exchange Outbound Connection Timeout must be 10 minutes or less.
EX19-MB-000134 Exchange servers must have an approved DOD email-aware virus protection software installed.
EX19-MB-000135 Exchange internal receive connectors must not allow anonymous connections.
EX19-MB-000136 Exchange external/internet-bound automated response messages must be disabled.
EX19-MB-000137 Exchange must have anti-spam filtering installed.
EX19-MB-000138 Exchange must have anti-spam filtering enabled.
EX19-MB-000139 Exchange must have anti-spam filtering configured.
EX19-MB-000140 Exchange must not send automated replies to remote domains.
EX19-MB-000142 The Exchange Global Recipient Count Limit must be set.