DISA Microsoft Exchange 2013 Mailbox Server STIG v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Microsoft Exchange 2013 Mailbox Server STIG v2r1

Updated: 6/1/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.4

Estimated Item Count: 75

Audit Items

DescriptionCategories
Authentication Failure
DISA_STIG_Microsoft_Exchange_2013_Mailbox_Server_v2r1.audit from DISA Microsoft Exchange 2013 Mailbox Server v2r1 STIG

SYSTEM AND INFORMATION INTEGRITY

EX13-MB-000005 - Exchange must have Administrator audit logging enabled.

AUDIT AND ACCOUNTABILITY

EX13-MB-000010 - Exchange Servers must use approved DoD certificates.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000015 - Exchange auto-forwarding email to remote domains must be disabled or restricted.

CONFIGURATION MANAGEMENT

EX13-MB-000020 - Exchange Connectivity logging must be enabled.

AUDIT AND ACCOUNTABILITY

EX13-MB-000025 - The Exchange Email Diagnostic log level must be set to the lowest level.

CONFIGURATION MANAGEMENT

EX13-MB-000030 - Exchange Audit record parameters must be set.

AUDIT AND ACCOUNTABILITY

EX13-MB-000035 - Exchange Circular Logging must be disabled.

AUDIT AND ACCOUNTABILITY

EX13-MB-000040 - Exchange Email Subject Line logging must be disabled.

AUDIT AND ACCOUNTABILITY

EX13-MB-000045 - Exchange Message Tracking Logging must be enabled.

AUDIT AND ACCOUNTABILITY

EX13-MB-000050 - Exchange Queue monitoring must be configured with threshold and action.
EX13-MB-000055 - Exchange Send Fatal Errors to Microsoft must be disabled.

CONFIGURATION MANAGEMENT

EX13-MB-000060 - Exchange must protect audit data against unauthorized read access.
EX13-MB-000065 - Exchange must not send Customer Experience reports to Microsoft.

CONFIGURATION MANAGEMENT

EX13-MB-000070 - Exchange must protect audit data against unauthorized access.
EX13-MB-000075 - Exchange must protect audit data against unauthorized deletion.
EX13-MB-000080 - Exchange Audit data must be on separate partitions.
EX13-MB-000085 - Exchange Local machine policy must require signed scripts.

CONFIGURATION MANAGEMENT

EX13-MB-000090 - The Exchange IMAP4 service must be disabled.

CONFIGURATION MANAGEMENT

EX13-MB-000095 - The Exchange POP3 service must be disabled.

CONFIGURATION MANAGEMENT

EX13-MB-000100 - Exchange Mailbox databases must reside on a dedicated partition.

CONFIGURATION MANAGEMENT

EX13-MB-000105 - Exchange Internet-facing Send connectors must specify a Smart Host.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000110 - Exchange internal Receive connectors must require encryption.

IDENTIFICATION AND AUTHENTICATION

EX13-MB-000115 - Exchange internal Receive connectors must use Domain Security (mutual authentication Transport Layer Security) - mutual authentication Transport Layer Security.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000120 - Exchange internal Send connectors must require encryption.

CONFIGURATION MANAGEMENT

EX13-MB-000125 - Exchange Public Folder stores must be retained until backups are complete.

CONTINGENCY PLANNING

EX13-MB-000130 - The Exchange Public Folder database must not be overwritten by a restore.

CONTINGENCY PLANNING

EX13-MB-000135 - Exchange Mailboxes must be retained until backups are complete.

CONTINGENCY PLANNING

EX13-MB-000140 - The Exchange Mailbox database must not be overwritten by a restore.

CONTINGENCY PLANNING

EX13-MB-000145 - Exchange email forwarding must be restricted.

CONFIGURATION MANAGEMENT

EX13-MB-000150 - Exchange email-forwarding SMTP domains must be restricted.

CONFIGURATION MANAGEMENT

EX13-MB-000155 - Exchange Mail quota settings must not restrict receiving mail.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000160 - Exchange Mail Quota settings must not restrict receiving mail.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000165 - The Exchange Mail Store storage quota must issue a warning.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000170 - Exchange Mailbox Stores must mount at startup.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000175 - Exchange Message size restrictions must be controlled on Receive connectors.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000180 - Exchange Receive connectors must control the number of recipients per message.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000185 - Exchange Receive connectors must be clearly named.

CONFIGURATION MANAGEMENT

EX13-MB-000190 - The Exchange Receive Connector Maximum Hop Count must be 60.

CONFIGURATION MANAGEMENT

EX13-MB-000195 - Exchange Send connectors must be clearly named.

CONFIGURATION MANAGEMENT

EX13-MB-000200 - Exchange Send connectors delivery retries must be controlled.

CONFIGURATION MANAGEMENT

EX13-MB-000205 - Exchange Message size restrictions must be controlled on Send connectors.

CONFIGURATION MANAGEMENT

EX13-MB-000210 - The Exchange Send connector connections count must be limited.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000215 - The Exchange global inbound message size must be controlled.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000220 - The Exchange global outbound message size must be controlled.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000225 - The Exchange Outbound Connection Limit per Domain Count must be controlled.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000230 - The Exchange Outbound Connection Timeout must be 10 minutes or less.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000235 - Exchange Internal Receive connectors must not allow anonymous connections.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-MB-000240 - Exchange external/Internet-bound automated response messages must be disabled.

CONFIGURATION MANAGEMENT