DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5

Audit Details

Name: DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5

Updated: 4/12/2023

Authority: DISA STIG

Plugin: Windows

Revision: 1.13

Estimated Item Count: 68

File Details

Filename: DISA_STIG_Microsoft_Exchange_2013_Edge_Transport_Server_v1r5.audit

Size: 141 kB

MD5: 7bd8036984a99c510928fd6124dd14c4

SHA256: b782f9311de40a28fc9ee2972845c8553f93531e1440b8c6352f31bee705d65e

Audit Items

Description	Categories
Authentication Failure	ACCESS CONTROL
DISA_STIG_Microsoft_Exchange_2013_Edge_Transport_Server_v1r5.audit from DISA MS Exchange 2013 Edge Transport Server v1r5 STIG	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000005 - Exchange must limit the Receive connector timeout.	ACCESS CONTROL
EX13-EG-000010 - Exchange servers must use approved DoD certificates.	ACCESS CONTROL
EX13-EG-000015 - Exchange must have accepted domains configured.	ACCESS CONTROL
EX13-EG-000025 - Exchange external Receive connectors must be domain secure-enabled.	ACCESS CONTROL
EX13-EG-000030 - The Exchange email Diagnostic log level must be set to the lowest level.	AUDIT AND ACCOUNTABILITY
EX13-EG-000035 - Exchange Connectivity logging must be enabled.	AUDIT AND ACCOUNTABILITY
EX13-EG-000040 - Exchange Queue monitoring must be configured with threshold and action.	AUDIT AND ACCOUNTABILITY
EX13-EG-000045 - Exchange must not send Customer Experience reports to Microsoft.	CONFIGURATION MANAGEMENT
EX13-EG-000050 - Exchange Audit data must be protected against unauthorized access (read access).	AUDIT AND ACCOUNTABILITY
EX13-EG-000055 - Exchange Send Fatal Errors to Microsoft must be disabled.	CONFIGURATION MANAGEMENT
EX13-EG-000060 - Exchange audit data must be protected against unauthorized access for modification.	AUDIT AND ACCOUNTABILITY
EX13-EG-000065 - Exchange audit data must be protected against unauthorized access for deletion.	AUDIT AND ACCOUNTABILITY
EX13-EG-000070 - Exchange audit data must be on separate partitions.	AUDIT AND ACCOUNTABILITY
EX13-EG-000075 - The Exchange local machine policy must require signed scripts.	CONFIGURATION MANAGEMENT
EX13-EG-000080 - Exchange Internet-facing Send connectors must specify a Smart Host.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000090 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000095 - Exchange Outbound Connection Timeout must be 10 minutes or less.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000100 - Exchange Outbound Connection Limit per Domain Count must be controlled.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000105 - Exchange Global Outbound Message size must be controlled.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000115 - Exchange Send connector connections count must be limited.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000120 - Exchange message size restrictions must be controlled on Send connectors.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000125 - Exchange Send connectors delivery retries must be controlled.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000130 - Exchange Send connectors must be clearly named.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000135 - Exchange Receive connector Maximum Hop Count must be 60.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000140 - Exchange Receive connectors must be clearly named.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000145 - Exchange Receive connectors must control the number of recipients chunked on a single message.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000150 - Exchange Receive connectors must control the number of recipients per message.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000155 - The Exchange Internet Receive connector connections count must be set to default.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000160 - Exchange Message size restrictions must be controlled on Receive connectors.	SYSTEM AND COMMUNICATIONS PROTECTION
EX13-EG-000165 - Exchange messages with a blank sender field must be rejected.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000170 - Exchange messages with a blank sender field must be filtered.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000175 - Exchange filtered messages must be archived.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000180 - The Exchange Sender filter must block unaccepted domains.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000185 - Exchange nonexistent recipients must not be blocked.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000190 - The Exchange Sender Reputation filter must be enabled.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000195 - The Exchange Sender Reputation filter must identify the spam block level.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000200 - Exchange Attachment filtering must remove undesirable attachments by file type.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000205 - The Exchange Spam Evaluation filter must be enabled.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000210 - The Exchange Block List service provider must be identified.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000215 - Exchange messages with malformed From address must be rejected.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000235 - The Exchange Recipient filter must be enabled.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000240 - The Exchange tarpitting interval must be set.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000245 - Exchange internal Receive connectors must not allow anonymous connections.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000250 - Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000255 - The Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List Connection filter must be enabled.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000260 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000265 - Exchange must have antispam filtering installed.	SYSTEM AND INFORMATION INTEGRITY
EX13-EG-000270 - Exchange must have antispam filtering enabled - ContentFilterConfig	SYSTEM AND INFORMATION INTEGRITY

Detections

Analytics

DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5

Audit Details

File Details

Audit Items