| DISA_Microsoft_Exchange_2019_Mailbox_Server_STIG_v2r2.audit from DISA Microsoft Exchange 2019 Mailbox Server v2r2 STIG | |
| EX19-MB-000006 - Exchange must use encryption for RPC client access. | ACCESS CONTROL |
| EX19-MB-000007 - Exchange must use encryption for Outlook Web App (OWA) access. | ACCESS CONTROL |
| EX19-MB-000008 - Exchange must have forms-based authentication enabled. | ACCESS CONTROL |
| EX19-MB-000016 - Exchange must have administrator audit logging enabled. | ACCESS CONTROL |
| EX19-MB-000019 - Exchange servers must use approved DOD certificates. | ACCESS CONTROL |
| EX19-MB-000020 - Exchange must have authenticated access set to integrated Windows authentication only. | ACCESS CONTROL |
| EX19-MB-000021 - Exchange auto-forwarding email to remote domains must be disabled or restricted. | ACCESS CONTROL |
| EX19-MB-000031 - Exchange connectivity logging must be enabled. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000032 - The Exchange email diagnostic log level must be set to the lowest level. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000033 - Exchange audit record parameters must be set. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000034 - The RBAC role for audit log management must be defined and restricted. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000040 - Exchange email subject line logging must be disabled. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000041 - Exchange message tracking logging must be enabled. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000042 - Exchange circular logging must be disabled. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000048 - Exchange queue monitoring must be configured with threshold and action. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000052 - Exchange must protect audit data against unauthorized read access. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000053 - Exchange must protect audit data against unauthorized access. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000054 - Exchange must protect audit data against unauthorized deletion. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000058 - Exchange audit data must be on separate partitions. | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000061 - Exchange local machine policy must require signed scripts. | CONFIGURATION MANAGEMENT |
| EX19-MB-000063 - Exchange Send Fatal Errors to Microsoft must be disabled. | CONFIGURATION MANAGEMENT |
| EX19-MB-000064 - Exchange must not send customer experience reports to Microsoft. | CONFIGURATION MANAGEMENT |
| EX19-MB-000065 - The Exchange Internet Message Access Protocol 4 (IMAP4) service must be disabled. | CONFIGURATION MANAGEMENT |
| EX19-MB-000066 - The Exchange Post Office Protocol 3 (POP3) service must be disabled. | CONFIGURATION MANAGEMENT |
| EX19-MB-000105 - Exchange Mailbox databases must reside on a dedicated partition. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000106 - Exchange internet-facing send connectors must specify a smart host. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000115 - Exchange mailboxes must be retained until backups are complete. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000116 - Exchange email forwarding must be restricted. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000117 - Exchange email-forwarding SMTP domains must be restricted. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000121 - Exchange mailbox stores must mount at startup. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000122 - Exchange mail quota settings must not restrict receiving mail. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000123 - Exchange mail quota settings must not restrict sending mail. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000124 - Exchange Message size restrictions must be controlled on Receive connectors. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000125 - The Exchange Receive Connector Maximum Hop Count must be 60. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000126 - The Exchange send connector connections count must be limited. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000127 - Exchange receive connectors must control the number of recipients per message. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000128 - Exchange message size restrictions must be controlled on send connectors. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000129 - The Exchange global inbound message size must be controlled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000130 - The Exchange global outbound message size must be controlled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000131 - The Exchange Outbound Connection Limit per Domain Count must be controlled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000132 - The Exchange Outbound Connection Timeout must be 10 minutes or less. | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000134 - Exchange servers must have an approved DOD email-aware virus protection software installed. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000135 - Exchange internal receive connectors must not allow anonymous connections. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000136 - Exchange external/internet-bound automated response messages must be disabled. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000137 - Exchange must have anti-spam filtering installed. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000138 - Exchange must have anti-spam filtering enabled. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000139 - Exchange must have anti-spam filtering configured. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000140 - Exchange must not send automated replies to remote domains. | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000142 - The Exchange Global Recipient Count Limit must be set. | SYSTEM AND INFORMATION INTEGRITY |
