STIGQter: STIG Summary: Microsoft Exchange 2013 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Exchange Queue monitoring must be configured with threshold and action.

DISA Rule

SV-207276r615936_rule

Vulnerability Number

V-207276

Group Title

SRG-APP-000111

Rule Version

EX13-MB-000050

Severity

CAT II

CCI(s)

• CCI-000154 - The information system provides the capability to centrally review and analyze audit records from multiple components within the system.

Weight

10

Fix Recommendation

Open the Exchange Management Shell and enter the following command:

perfmon

In the left pane, navigate to and select Performance >> Data Collector Sets >> User Defined.

Right-click on, navigate to, and configure User Defined >> New >> Data Collector Sets and configure the system to use the data collection set for monitoring the queues.

Check Contents

Note: If a third-party application is performing monitoring functions, the reviewer should verify the application is monitoring correctly and mark the vulnerability NA.

Open the Exchange Management Shell and enter the following command:

perfmon

In the left pane, expand and navigate Performance >> Data Collector Sets >> User Defined.

If no sets are defined or queues are not being monitored, this is a finding.

Vulnerability Number

V-207276

Documentable

False

Rule Version

EX13-MB-000050

Severity Override Guidance

Note: If a third-party application is performing monitoring functions, the reviewer should verify the application is monitoring correctly and mark the vulnerability NA.

Open the Exchange Management Shell and enter the following command:

perfmon

In the left pane, expand and navigate Performance >> Data Collector Sets >> User Defined.

If no sets are defined or queues are not being monitored, this is a finding.

Check Content Reference

M

Target Key

2923

Comments