MS.EXO.1.1v1 - Automatic forwarding to external domains SHALL be disabled.

Information

Adversaries can use automatic forwarding to gain persistent access to a victim's email. Disabling forwarding to external domains prevents this technique when the adversary is external to the organization but does not impede legitimate internal forwarding.

Solution

To disallow automatic forwarding to external domains:

1. Sign in to the Exchange admin center.

2. Select Mail flow, then Remote domains.

3. Select Default.

4. Under Email reply types, select Edit reply types.

5. Clear the checkbox next to Allow automatic forwarding, then click Save.

6. Return to Remote domains and repeat steps 4 and 5 for each additional remote domain in the list.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-6, 800-53|AC-16, 800-53|AC-20, 800-53|AC-23, 800-53|CA-3, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|IA-9, 800-53|SA-8, 800-53|SA-9, 800-53|SC-7, 800-53|SC-20, 800-53|SC-28, 800-53|SC-31, 800-53|SC-44, 800-53|SI-3, 800-53|SI-4, 800-53|SI-8, 800-53|SI-10, 800-53|SI-15

Plugin: microsoft_azure

Control ID: 7d6c9a04eba5a17fec7b9c6fb44b552b77bd6e8857ba308005563a7d52bb9cba