STIGQter: STIG Summary: Microsoft Exchange 2013 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

A DoD-approved third party Exchange-aware malicious code protection application must be implemented.

DISA Rule

SV-207336r615936_rule

Vulnerability Number

V-207336

Group Title

SRG-APP-000278

Rule Version

EX13-MB-003031

Severity

CAT II

CCI(s)

• CCI-001242 - The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Weight

10

Fix Recommendation

Following vendor best practice guidance, install and configure the third party malicious code protection application.

Check Contents

Site must utilize an approved DoD third party malicious code scanner.

Consult with System Administrator to demonstrate the application being used to provide malicious code protection in the Exchange implementation.

If System Administrator is unable to demonstrate a third party malicious code protection application, this is a finding.

If System Administrator is unaware of a third party malicious code protection application, this is a finding.

Vulnerability Number

V-207336

Documentable

False

Rule Version

EX13-MB-003031

Severity Override Guidance

Site must utilize an approved DoD third party malicious code scanner.

Consult with System Administrator to demonstrate the application being used to provide malicious code protection in the Exchange implementation.

If System Administrator is unable to demonstrate a third party malicious code protection application, this is a finding.

If System Administrator is unaware of a third party malicious code protection application, this is a finding.

Check Content Reference

M

Target Key

2923

Comments