EX19-MB-000229 - The Exchange email application must not share a partition with another application.

Information

In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and subsequent exploit to one application can lead to an exploit of other applications sharing the same security context. For example, an exploit to a web server process that leads to unauthorized administrative access to the host system can most likely lead to a compromise of all applications hosted by the same system.

Email services should be installed on a partition that does not host other applications. Email services should never be installed on a Domain Controller/Directory Services server.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Update the EDSP with the location of where Exchange is installed.

Install Exchange on a dedicated application directory or partition separate than that of the operating system.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2019_Y24M10_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-39, CAT|II, CCI|CCI-002530, Rule-ID|SV-259704r961608_rule, STIG-ID|EX19-MB-000229, Vuln-ID|V-259704

Plugin: Windows

Control ID: fd7deb4001f7879d1b7df98167feec2f719c87099836b52d334c188048da6cdd