DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2

Updated: 8/26/2024

Authority: DISA STIG

Plugin: Windows

Revision: 1.5

Estimated Item Count: 75

File Details

Filename: DISA_STIG_Microsoft_Exchange_2013_Mailbox_Server_v2r2.audit

Size: 143 kB

MD5: b20193238099fbb01ddda8c61441c15c
SHA256: 59d128a82dd14a324358f749941a27eb694a4a434cc4a39a47e9f9b12657e2e7

Audit Items

DescriptionCategories
Authentication Failure

ACCESS CONTROL

DISA_STIG_Microsoft_Exchange_2013_Mailbox_Server_v2r2.audit from DISA Microsoft Exchange 2013 Mailbox Server v2r2 STIG

SYSTEM AND INFORMATION INTEGRITY

EX13-MB-000005 - Exchange must have Administrator audit logging enabled.
EX13-MB-000010 - Exchange Servers must use approved DoD certificates.
EX13-MB-000015 - Exchange auto-forwarding email to remote domains must be disabled or restricted.
EX13-MB-000020 - Exchange Connectivity logging must be enabled.
EX13-MB-000025 - The Exchange Email Diagnostic log level must be set to the lowest level.
EX13-MB-000030 - Exchange Audit record parameters must be set.
EX13-MB-000035 - Exchange Circular Logging must be disabled.
EX13-MB-000040 - Exchange Email Subject Line logging must be disabled.
EX13-MB-000045 - Exchange Message Tracking Logging must be enabled.
EX13-MB-000050 - Exchange Queue monitoring must be configured with threshold and action.
EX13-MB-000055 - Exchange Send Fatal Errors to Microsoft must be disabled.
EX13-MB-000060 - Exchange must protect audit data against unauthorized read access.
EX13-MB-000065 - Exchange must not send Customer Experience reports to Microsoft.
EX13-MB-000070 - Exchange must protect audit data against unauthorized access.
EX13-MB-000075 - Exchange must protect audit data against unauthorized deletion.
EX13-MB-000080 - Exchange Audit data must be on separate partitions.
EX13-MB-000085 - Exchange Local machine policy must require signed scripts.
EX13-MB-000090 - The Exchange IMAP4 service must be disabled.
EX13-MB-000095 - The Exchange POP3 service must be disabled.
EX13-MB-000100 - Exchange Mailbox databases must reside on a dedicated partition.
EX13-MB-000105 - Exchange Internet-facing Send connectors must specify a Smart Host.
EX13-MB-000110 - Exchange internal Receive connectors must require encryption.
EX13-MB-000115 - Exchange internal Receive connectors must use Domain Security (mutual authentication Transport Layer Security) - mutual authentication Transport Layer Security.
EX13-MB-000120 - Exchange internal Send connectors must require encryption.
EX13-MB-000125 - Exchange Public Folder stores must be retained until backups are complete.
EX13-MB-000130 - The Exchange Public Folder database must not be overwritten by a restore.
EX13-MB-000135 - Exchange Mailboxes must be retained until backups are complete.
EX13-MB-000140 - The Exchange Mailbox database must not be overwritten by a restore.
EX13-MB-000145 - Exchange email forwarding must be restricted.
EX13-MB-000150 - Exchange email-forwarding SMTP domains must be restricted.
EX13-MB-000155 - Exchange Mail quota settings must not restrict receiving mail.
EX13-MB-000160 - Exchange Mail Quota settings must not restrict receiving mail.
EX13-MB-000165 - The Exchange Mail Store storage quota must issue a warning.
EX13-MB-000170 - Exchange Mailbox Stores must mount at startup.
EX13-MB-000175 - Exchange Message size restrictions must be controlled on Receive connectors.
EX13-MB-000180 - Exchange Receive connectors must control the number of recipients per message.
EX13-MB-000185 - Exchange Receive connectors must be clearly named.
EX13-MB-000190 - The Exchange Receive Connector Maximum Hop Count must be 60.
EX13-MB-000195 - Exchange Send connectors must be clearly named.
EX13-MB-000200 - Exchange Send connectors delivery retries must be controlled.
EX13-MB-000205 - Exchange Message size restrictions must be controlled on Send connectors.
EX13-MB-000210 - The Exchange Send connector connections count must be limited.
EX13-MB-000215 - The Exchange global inbound message size must be controlled.
EX13-MB-000220 - The Exchange global outbound message size must be controlled.
EX13-MB-000225 - The Exchange Outbound Connection Limit per Domain Count must be controlled.
EX13-MB-000230 - The Exchange Outbound Connection Timeout must be 10 minutes or less.
EX13-MB-000235 - Exchange Internal Receive connectors must not allow anonymous connections.
EX13-MB-000240 - Exchange external/Internet-bound automated response messages must be disabled.