1.8 Set 'External send connector authentication: Ignore Start TLS' to 'False'

Information

If this setting is enabled then you will not be able to configure mutual authentication TLS, referred to as 'External send connector authentication: Domain Security' in this baseline.

Rationale:

Basic authentication sends credentials across the network in plaintext. TLS helps protect credentials from interception by unauthorized users.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

set-SendConnector -identity <connector_name> -IgnoreSTARTTLS: $false

See Also

https://workbench.cisecurity.org/files/1514

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: 21c7887387612e6297b34409e0cd0e7064b1b48b5037180766861d5ebba082a4