1.8 Set 'External send connector authentication: Ignore Start TLS' to 'False'

Information

If this setting is enabled then you will not be able to configure mutual authentication TLS, referred to as 'External send connector authentication: Domain Security' in this baseline.

Rationale:

Basic authentication sends credentials across the network in plaintext. TLS helps protect credentials from interception by unauthorized users.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

set-SendConnector -identity <connector_name> -IgnoreSTARTTLS: $false

See Also

https://workbench.cisecurity.org/files/1514

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: b736522b259aa84f5c8a4bc75907222c1e786243ef53c1f8b63fee1d169ea8a2