STIGQter: STIG Summary: Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 22 Jan 2021

Exchange must have auto-forwarding of email to remote domains disabled or restricted.

DISA Rule

SV-221205r612603_rule

Vulnerability Number

V-221205

Group Title

SRG-APP-000038

Rule Version

EX16-ED-000040

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

For Non-Enterprise Mail Fix Text:

Open the Exchange Management Shell and enter the following command:

Set-RemoteDomain -Identity <'IdentityName'> -AutoForwardEnabled $false

Note: The <IdentityName> value must be in single quotes.

For Enterprise Mail Fix Text, enter the following commands:

New-RemoteDomain -Name <NewDomainName> -DomainName <SMTP address space>

Note: NewDomainName must be either a ".mil" or ".gov" domain.

Set-RemoteDomain -Identity <'IdentityName'> -AutoForwardEnabled $true

Check Contents

Non-Enterprise Mail Check Content:

Open the Exchange Management Shell and enter the following command:

Get-RemoteDomain | Select Name, DomainName, Identity, AutoForwardEnabled

If the value of "AutoForwardEnabled" is not set to "False", this is a finding.

Enterprise Mail Check Content:

Open the Exchange Management Shell and enter the following command:

Get-RemoteDomain | Select Name, DomainName, Identity, AutoForwardEnabled

If the value of “AutoForwardEnabled” is “True” and “DomainName” is not set to a “.mil” and/or “.gov” domain(s), this is a finding.
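
The two checks above, scripted as an added example (not part of the STIG or STIGQter content): a function that marks each remote domain as a finding under the Non-Enterprise or Enterprise rule. The function name, the -MailType parameter and the sample rows are assumptions made for illustration.

```powershell
function Test-RemoteDomainAutoForward {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$RemoteDomain,

        # Selects which check content to apply (hypothetical parameter of this example).
        [ValidateSet('NonEnterprise', 'Enterprise')]
        [string]$MailType = 'NonEnterprise'
    )
    process {
        $domainName = [string]$RemoteDomain.DomainName
        # Enterprise mail may auto-forward only to .mil or .gov address spaces.
        $isMilOrGov = $domainName -match '\.(mil|gov)$'

        $finding = if ($MailType -eq 'NonEnterprise') {
            # Anything other than an explicit False is a finding, including a missing value.
            $RemoteDomain.AutoForwardEnabled -ne $false
        } else {
            # Finding only when forwarding is on for a domain outside .mil/.gov.
            ($RemoteDomain.AutoForwardEnabled -eq $true) -and (-not $isMilOrGov)
        }

        [pscustomobject]@{
            Name               = $RemoteDomain.Name
            DomainName         = $domainName
            AutoForwardEnabled = $RemoteDomain.AutoForwardEnabled
            Finding            = [bool]$finding
        }
    }
}

# Constructed sample rows standing in for Get-RemoteDomain output (not real data).
$sample = @(
    [pscustomobject]@{ Name = 'Default';    DomainName = '*';             AutoForwardEnabled = $true }
    [pscustomobject]@{ Name = 'PartnerMil'; DomainName = '*.example.mil'; AutoForwardEnabled = $true }
    [pscustomobject]@{ Name = 'Vendor';     DomainName = 'example.com';   AutoForwardEnabled = $false }
)
$sample | Test-RemoteDomainAutoForward -MailType Enterprise | Format-Table -AutoSize

# On an Exchange server, feed it live data from the Exchange Management Shell:
# Get-RemoteDomain | Test-RemoteDomainAutoForward -MailType NonEnterprise | Where-Object Finding
```

The default remote domain has a DomainName of "*", so it never matches a ".mil" or ".gov" suffix and is reported as a finding in Enterprise mode whenever its AutoForwardEnabled value is True.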

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4079

Comments