STIGQter: STIG Summary: Microsoft Exchange 2013 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Exchange internal Send connectors must require encryption.

DISA Rule

SV-207290r615936_rule

Vulnerability Number

V-207290

Group Title

SRG-APP-000219

Rule Version

EX13-MB-000120

Severity

CAT II

CCI(s)

• CCI-001184 - The information system protects the authenticity of communications sessions.

Weight

10

Fix Recommendation

Open the Exchange Management Shell and enter the following command:

Set-SendConnector -Identity <'IdentityName'> -TlsDomain <'SMTP Domain'>

Note: The <IdentityName> and <SMTP Domain> values must be in quotes.

Repeat the procedure for each Send connector.

Check Contents

Review the Email Domain Security Plan (EDSP).

Determine the internal SMTP Domain.

Open the Exchange Management Shell and enter the following command:

Get-SendConnector | Select Name, Identity, TlsDomain

For each Send connector, if the value of TlsDomain is not set to the value of the internal <SMTP Domain>, this is a finding.

Vulnerability Number

V-207290

Documentable

False

Rule Version

EX13-MB-000120

Severity Override Guidance

Review the Email Domain Security Plan (EDSP).

Determine the internal SMTP Domain.

Open the Exchange Management Shell and enter the following command:

Get-SendConnector | Select Name, Identity, TlsDomain

For each Send connector, if the value of TlsDomain is not set to the value of the internal <SMTP Domain>, this is a finding.

Check Content Reference

M

Target Key

2923

Comments