STIGQter: STIG Summary: Microsoft Exchange 2013 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Exchange Mail Store storage quota must issue a warning.

DISA Rule

SV-207299r615936_rule

Vulnerability Number

V-207299

Group Title

SRG-APP-000246

Rule Version

EX13-MB-000165

Severity

CAT III

CCI(s)

• CCI-001094 - The information system restricts the ability of individuals to launch organization-defined denial of service attacks against other information systems.

Weight

10

Fix Recommendation

Update the EDSP.

Open the Exchange Management Shell and enter the following command:

Set-MailboxDatabase -Identity <'IdentityName'> -IssueWarningQuota <'WarningQuota'>

Note: The <IdentityName> and <WarningQuota> values must be in quotes.

Check Contents

Review the Email Domain Security Plan (EDSP).

Determine the value for Issue Warning Quota.

Open the Exchange Management Shell and enter the following command:

Get-MailboxDatabase | Select Name, Identity, IssueWarningQuota

If the value of IssueWarningQuota is not set to the site's Issue Warning Quota, this is a finding.

Vulnerability Number

V-207299

Documentable

False

Rule Version

EX13-MB-000165

Severity Override Guidance

Review the Email Domain Security Plan (EDSP).

Determine the value for Issue Warning Quota.

Open the Exchange Management Shell and enter the following command:

Get-MailboxDatabase | Select Name, Identity, IssueWarningQuota

If the value of IssueWarningQuota is not set to the site's Issue Warning Quota, this is a finding.

Check Content Reference

M

Target Key

2923

Comments