EX19-MB-000066 - The Exchange Post Office Protocol 3 (POP3) service must be disabled.

Information

POP3 is not approved for use within the DOD. It uses a clear-text-based user name and password and does not support the DOD standard for PKI for email access. User name and password could easily be captured from the network, allowing a malicious user to access other system features. Uninstalling or disabling the service will prevent the use of POP3.

Solution

Open the Windows PowerShell in an Elevated Prompt and enter the following commands:

Get-Service -Name MSExchangePop3,MSExchangePOP3BE |ForEach-Object {Set-Service -Name $_.Name -StartupType Disabled}

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2019_Y24M10_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-259668r960963_rule, STIG-ID|EX19-MB-000066, Vuln-ID|V-259668

Plugin: Windows

Control ID: c6878bc6a9952a00efa24707fc675deee923af14592c0658cc1d42c3dd0345c4