Detections
Analytics

DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2

Updated: 1/22/2026

Authority: DISA STIG

Plugin: Windows

Revision: 1.3

Estimated Item Count: 68

File Details

Filename: DISA_Microsoft_Exchange_2019_Mailbox_Server_STIG_v2r2.audit

Size: 141 kB

MD5: 7fd1f869852d4599ca20cf395049ac65
SHA256: cbffa05deeaae5f46be79cc6df752987118844e0fee2691a6dc29ec36cd3f796

Audit Items

DescriptionCategories
DISA_Microsoft_Exchange_2019_Mailbox_Server_STIG_v2r2.audit from DISA Microsoft Exchange 2019 Mailbox Server v2r2 STIG
EX19-MB-000006 - Exchange must use encryption for RPC client access.
EX19-MB-000007 - Exchange must use encryption for Outlook Web App (OWA) access.
EX19-MB-000008 - Exchange must have forms-based authentication enabled.
EX19-MB-000016 - Exchange must have administrator audit logging enabled.
EX19-MB-000019 - Exchange servers must use approved DOD certificates.
EX19-MB-000020 - Exchange must have authenticated access set to integrated Windows authentication only.
EX19-MB-000021 - Exchange auto-forwarding email to remote domains must be disabled or restricted.
EX19-MB-000031 - Exchange connectivity logging must be enabled.
EX19-MB-000032 - The Exchange email diagnostic log level must be set to the lowest level.
EX19-MB-000033 - Exchange audit record parameters must be set.
EX19-MB-000034 - The RBAC role for audit log management must be defined and restricted.
EX19-MB-000040 - Exchange email subject line logging must be disabled.
EX19-MB-000041 - Exchange message tracking logging must be enabled.
EX19-MB-000042 - Exchange circular logging must be disabled.
EX19-MB-000048 - Exchange queue monitoring must be configured with threshold and action.
EX19-MB-000052 - Exchange must protect audit data against unauthorized read access.
EX19-MB-000053 - Exchange must protect audit data against unauthorized access.
EX19-MB-000054 - Exchange must protect audit data against unauthorized deletion.
EX19-MB-000058 - Exchange audit data must be on separate partitions.
EX19-MB-000061 - Exchange local machine policy must require signed scripts.
EX19-MB-000063 - Exchange Send Fatal Errors to Microsoft must be disabled.
EX19-MB-000064 - Exchange must not send customer experience reports to Microsoft.
EX19-MB-000065 - The Exchange Internet Message Access Protocol 4 (IMAP4) service must be disabled.
EX19-MB-000066 - The Exchange Post Office Protocol 3 (POP3) service must be disabled.
EX19-MB-000105 - Exchange Mailbox databases must reside on a dedicated partition.
EX19-MB-000106 - Exchange internet-facing send connectors must specify a smart host.
EX19-MB-000115 - Exchange mailboxes must be retained until backups are complete.
EX19-MB-000116 - Exchange email forwarding must be restricted.
EX19-MB-000117 - Exchange email-forwarding SMTP domains must be restricted.
EX19-MB-000121 - Exchange mailbox stores must mount at startup.
EX19-MB-000122 - Exchange mail quota settings must not restrict receiving mail.
EX19-MB-000123 - Exchange mail quota settings must not restrict sending mail.
EX19-MB-000124 - Exchange Message size restrictions must be controlled on Receive connectors.
EX19-MB-000125 - The Exchange Receive Connector Maximum Hop Count must be 60.
EX19-MB-000126 - The Exchange send connector connections count must be limited.
EX19-MB-000127 - Exchange receive connectors must control the number of recipients per message.
EX19-MB-000128 - Exchange message size restrictions must be controlled on send connectors.
EX19-MB-000129 - The Exchange global inbound message size must be controlled.
EX19-MB-000130 - The Exchange global outbound message size must be controlled.
EX19-MB-000131 - The Exchange Outbound Connection Limit per Domain Count must be controlled.
EX19-MB-000132 - The Exchange Outbound Connection Timeout must be 10 minutes or less.
EX19-MB-000134 - Exchange servers must have an approved DOD email-aware virus protection software installed.
EX19-MB-000135 - Exchange internal receive connectors must not allow anonymous connections.
EX19-MB-000136 - Exchange external/internet-bound automated response messages must be disabled.
EX19-MB-000137 - Exchange must have anti-spam filtering installed.
EX19-MB-000138 - Exchange must have anti-spam filtering enabled.
EX19-MB-000139 - Exchange must have anti-spam filtering configured.
EX19-MB-000140 - Exchange must not send automated replies to remote domains.
EX19-MB-000142 - The Exchange Global Recipient Count Limit must be set.