| DISA_Microsoft_Exchange_2019_Mailbox_Server_STIG_v2r1.audit from DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | |
| EX19-MB-000006 Exchange must use encryption for RPC client access. | ACCESS CONTROL |
| EX19-MB-000007 Exchange must use encryption for Outlook Web App (OWA) access. | ACCESS CONTROL |
| EX19-MB-000008 Exchange must have forms-based authentication enabled. | ACCESS CONTROL |
| EX19-MB-000016 Exchange must have administrator audit logging enabled. | ACCESS CONTROL |
| EX19-MB-000019 Exchange servers must use approved DOD certificates. | ACCESS CONTROL |
| EX19-MB-000020 Exchange must have authenticated access set to integrated Windows authentication only. | ACCESS CONTROL |
| EX19-MB-000021 Exchange auto-forwarding email to remote domains must be disabled or restricted. | ACCESS CONTROL |
| EX19-MB-000031 Exchange connectivity logging must be enabled. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000032 The Exchange email diagnostic log level must be set to the lowest level. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000033 Exchange audit record parameters must be set. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000034 The RBAC role for audit log management must be defined and restricted. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000040 Exchange email subject line logging must be disabled. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000041 Exchange message tracking logging must be enabled. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000042 Exchange circular logging must be disabled. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000048 Exchange queue monitoring must be configured with threshold and action. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000052 Exchange must protect audit data against unauthorized read access. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000053 Exchange must protect audit data against unauthorized access. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000054 Exchange must protect audit data against unauthorized deletion. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000058 Exchange audit data must be on separate partitions. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000061 Exchange local machine policy must require signed scripts. | CONFIGURATION MANAGEMENT |
| EX19-MB-000063 Exchange Send Fatal Errors to Microsoft must be disabled. | CONFIGURATION MANAGEMENT |
| EX19-MB-000064 Exchange must not send customer experience reports to Microsoft. | CONFIGURATION MANAGEMENT |
| EX19-MB-000065 The Exchange Internet Message Access Protocol 4 (IMAP4) service must be disabled. | CONFIGURATION MANAGEMENT |
| EX19-MB-000066 The Exchange Post Office Protocol 3 (POP3) service must be disabled. | CONFIGURATION MANAGEMENT |
| EX19-MB-000105 Exchange Mailbox databases must reside on a dedicated partition. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000106 Exchange internet-facing send connectors must specify a smart host. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000115 Exchange mailboxes must be retained until backups are complete. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000116 Exchange email forwarding must be restricted. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000117 Exchange email-forwarding SMTP domains must be restricted. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000121 Exchange mailbox stores must mount at startup. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000122 Exchange mail quota settings must not restrict receiving mail. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000123 Exchange mail quota settings must not restrict sending mail. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000124 Exchange Message size restrictions must be controlled on Receive connectors. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000125 The Exchange Receive Connector Maximum Hop Count must be 60. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000126 The Exchange send connector connections count must be limited. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000127 Exchange receive connectors must control the number of recipients per message. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000128 Exchange message size restrictions must be controlled on send connectors. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000129 The Exchange global inbound message size must be controlled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000130 The Exchange global outbound message size must be controlled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000131 The Exchange Outbound Connection Limit per Domain Count must be controlled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000132 The Exchange Outbound Connection Timeout must be 10 minutes or less. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000134 Exchange servers must have an approved DOD email-aware virus protection software installed. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000135 Exchange internal receive connectors must not allow anonymous connections. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000136 Exchange external/internet-bound automated response messages must be disabled. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000137 Exchange must have anti-spam filtering installed. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000138 Exchange must have anti-spam filtering enabled. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000139 Exchange must have anti-spam filtering configured. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000140 Exchange must not send automated replies to remote domains. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000142 The Exchange Global Recipient Count Limit must be set. | SYSTEM AND INFORMATION INTEGRITY |
