DISA Microsoft Exchange 2013 Client Access Server STIG v2r1

Audit Details

Name: DISA Microsoft Exchange 2013 Client Access Server STIG v2r1

Updated: 6/1/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.0

Estimated Item Count: 41

File Details

Filename: DISA_STIG_Microsoft_Exchange_2013_Client_Access_Server_v2r1.audit

Size: 92.4 kB

MD5: 852a66e62446a1d02d23b5c50f672aa0
SHA256: 662634ecc96333b650c7a35cda7c9c014729041d70f08841f4ddcc1295a9c422

Audit Items

DescriptionCategories
Authentication Failure

ACCESS CONTROL

DISA_STIG_Microsoft_Exchange_2013_Client_Access_Server_v2r1.audit from DISA Microsoft Exchange 2013 Client Access Server v2r1 STIG

SYSTEM AND INFORMATION INTEGRITY

EX13-CA-000005 - Exchange must use Encryption for RPC client access.

ACCESS CONTROL

EX13-CA-000010 - Exchange must use Encryption for OWA access.

ACCESS CONTROL

EX13-CA-000015 - Exchange must have Forms-based Authentication disabled.

ACCESS CONTROL

EX13-CA-000020 - Exchange must have authenticated access set to Integrated Windows Authentication only.

ACCESS CONTROL

EX13-CA-000025 - Exchange must have Administrator audit logging enabled.

ACCESS CONTROL

EX13-CA-000030 - Exchange Servers must use approved DoD certificates.

ACCESS CONTROL

EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - BasicAuthEnabled

ACCESS CONTROL

EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - ClientCertAuth

ACCESS CONTROL

EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - ExternalAuthenticationMethods

ACCESS CONTROL

EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - InternalAuthenticationMethods

ACCESS CONTROL

EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - WebSiteSSLEnabled

ACCESS CONTROL

EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - WindowsAuthEnabled

ACCESS CONTROL

EX13-CA-000040 - Exchange must have IIS map client certificates to an approved certificate server.

ACCESS CONTROL

EX13-CA-000045 - Exchange Email Diagnostic log level must be set to lowest level.

AUDIT AND ACCOUNTABILITY

EX13-CA-000050 - Exchange must have Audit record parameters set.

AUDIT AND ACCOUNTABILITY

EX13-CA-000055 - Exchange must have Queue monitoring configured with threshold and action.

AUDIT AND ACCOUNTABILITY

EX13-CA-000060 - Exchange must have Send Fatal Errors to Microsoft disabled.

CONFIGURATION MANAGEMENT

EX13-CA-000065 - Exchange must have Audit data protected against unauthorized read access.

AUDIT AND ACCOUNTABILITY

EX13-CA-000070 - Exchange must not send Customer Experience reports to Microsoft.

CONFIGURATION MANAGEMENT

EX13-CA-000075 - Exchange must have Audit data protected against unauthorized modification.

AUDIT AND ACCOUNTABILITY

EX13-CA-000080 - Exchange must have audit data protected against unauthorized deletion.

AUDIT AND ACCOUNTABILITY

EX13-CA-000085 - Exchange must have Audit data on separate partitions.

AUDIT AND ACCOUNTABILITY

EX13-CA-000090 - Exchange Local machine policy must require signed scripts.

CONFIGURATION MANAGEMENT

EX13-CA-000095 - Exchange IMAP4 service must be disabled.

CONFIGURATION MANAGEMENT

EX13-CA-000100 - Exchange POP3 service must be disabled.

CONFIGURATION MANAGEMENT

EX13-CA-000105 - Exchange must have the Public Folder virtual directory removed if not in use by the site.

CONFIGURATION MANAGEMENT

EX13-CA-000110 - Exchange must have the Microsoft Active Sync directory removed.

CONFIGURATION MANAGEMENT

EX13-CA-000115 - Exchange application directory must be protected from unauthorized access.

CONFIGURATION MANAGEMENT

EX13-CA-000120 - Exchange software baseline copy must exist.

CONFIGURATION MANAGEMENT

EX13-CA-000125 - Exchange software must be monitored for unauthorized changes.

CONFIGURATION MANAGEMENT

EX13-CA-000130 - Exchange services must be documented and unnecessary services must be removed or disabled.

CONFIGURATION MANAGEMENT

EX13-CA-000135 - Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email.

IDENTIFICATION AND AUTHENTICATION

EX13-CA-000140 - Exchange software must be installed on a separate partition from the OS.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-CA-000145 - Exchange must provide redundancy.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-CA-000150 - Exchange OWA must use https - External

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-CA-000150 - Exchange OWA must use https - Internal

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-CA-000155 - Exchange OWA must have S/MIME Certificates enabled.

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-CA-000160 - Exchange must have the most current, approved service pack installed.

SYSTEM AND INFORMATION INTEGRITY

EX13-CA-000165 - Exchange must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.

CONFIGURATION MANAGEMENT