DISA Microsoft Exchange 2013 Client Access Server STIG v1r3

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Microsoft Exchange 2013 Client Access Server STIG v1r3

Updated: 6/1/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.9

Estimated Item Count: 41

Audit Items

Description	Categories
Authentication Failure
DISA_STIG_Microsoft_Exchange_2013_Client_Access_Server_v1r3.audit from DISA MS Exchange 2013 Client Access Server v1r3 STIG	SYSTEM AND INFORMATION INTEGRITY
EX13-CA-000005 - Exchange must use Encryption for RPC client access.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-CA-000010 - Exchange must use Encryption for OWA access.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-CA-000015 - Exchange must have Forms-based Authentication disabled.	IDENTIFICATION AND AUTHENTICATION
EX13-CA-000020 - Exchange must have authenticated access set to Integrated Windows Authentication only.	IDENTIFICATION AND AUTHENTICATION
EX13-CA-000025 - Exchange must have Administrator audit logging enabled.	AUDIT AND ACCOUNTABILITY
EX13-CA-000030 - Exchange Servers must use approved DoD certificates.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - BasicAuthEnabled	IDENTIFICATION AND AUTHENTICATION
EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - ClientCertAuth	IDENTIFICATION AND AUTHENTICATION
EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - ExternalAuthenticationMethods	IDENTIFICATION AND AUTHENTICATION
EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - InternalAuthenticationMethods	IDENTIFICATION AND AUTHENTICATION
EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - WebSiteSSLEnabled	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - WindowsAuthEnabled	IDENTIFICATION AND AUTHENTICATION
EX13-CA-000040 - Exchange must have IIS map client certificates to an approved certificate server.	IDENTIFICATION AND AUTHENTICATION
EX13-CA-000045 - Exchange Email Diagnostic log level must be set to lowest level.	CONFIGURATION MANAGEMENT
EX13-CA-000050 - Exchange must have Audit record parameters set.	AUDIT AND ACCOUNTABILITY
EX13-CA-000055 - Exchange must have Queue monitoring configured with threshold and action.
EX13-CA-000060 - Exchange must have Send Fatal Errors to Microsoft disabled.	CONFIGURATION MANAGEMENT
EX13-CA-000065 - Exchange must have Audit data protected against unauthorized read access.
EX13-CA-000070 - Exchange must not send Customer Experience reports to Microsoft.	CONFIGURATION MANAGEMENT
EX13-CA-000075 - Exchange must have Audit data protected against unauthorized modification.
EX13-CA-000080 - Exchange must have audit data protected against unauthorized deletion.
EX13-CA-000085 - Exchange must have Audit data on separate partitions.
EX13-CA-000090 - Exchange Local machine policy must require signed scripts.	CONFIGURATION MANAGEMENT
EX13-CA-000095 - Exchange IMAP4 service must be disabled.	CONFIGURATION MANAGEMENT
EX13-CA-000100 - Exchange POP3 service must be disabled.	CONFIGURATION MANAGEMENT
EX13-CA-000105 - Exchange must have the Public Folder virtual directory removed if not in use by the site.	CONFIGURATION MANAGEMENT
EX13-CA-000110 - Exchange must have the Microsoft Active Sync directory removed.	CONFIGURATION MANAGEMENT
EX13-CA-000115 - Exchange application directory must be protected from unauthorized access.	CONFIGURATION MANAGEMENT
EX13-CA-000120 - Exchange software baseline copy must exist.
EX13-CA-000125 - Exchange software must be monitored for unauthorized changes.
EX13-CA-000130 - Exchange services must be documented and unnecessary services must be removed or disabled.	CONFIGURATION MANAGEMENT
EX13-CA-000135 - Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email.	IDENTIFICATION AND AUTHENTICATION
EX13-CA-000140 - Exchange software must be installed on a separate partition from the OS.	CONFIGURATION MANAGEMENT
EX13-CA-000145 - Exchange must provide redundancy.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-CA-000150 - Exchange OWA must use https - External	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-CA-000150 - Exchange OWA must use https - Internal	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-CA-000155 - Exchange OWA must have S/MIME Certificates enabled.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-CA-000160 - Exchange must have the most current, approved service pack installed.	SYSTEM AND INFORMATION INTEGRITY
EX13-CA-000165 - Exchange must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.	CONFIGURATION MANAGEMENT

Detections

Analytics

DISA Microsoft Exchange 2013 Client Access Server STIG v1r3

Warning! Audit Deprecated

Audit Details

Audit Items