STIGQter: STIG Summary: Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Exchange Queue monitoring must be configured with threshold and action.

DISA Rule

SV-228363r612748_rule

Vulnerability Number

V-228363

Group Title

SRG-APP-000111

Rule Version

EX16-MB-000100

Severity

CAT II

CCI(s)

• CCI-000154 - The information system provides the capability to centrally review and analyze audit records from multiple components within the system.

Weight

10

Fix Recommendation

Open the Exchange Management Shell and enter the following command:

perfmon

In the left pane, navigate to and select Performance >> Data Collector Sets >> User Defined.

Right-click on, navigate to, and configure User Defined >> New >> Data Collector Sets and configure the system to use the data collection set for monitoring the queues.

Check Contents

Note: If a third-party application is performing monitoring functions, the reviewer should verify the application is monitoring correctly and mark the vulnerability not applicable (NA).

Open the Exchange Management Shell and enter the following command:

perfmon
Get-MonitoringItemHelp -Identity <String> -Server <ServerIdParameter>

If no sets are defined or queues are not being monitored, this is a finding.

Vulnerability Number

V-228363

Documentable

False

Rule Version

EX16-MB-000100

Severity Override Guidance

Note: If a third-party application is performing monitoring functions, the reviewer should verify the application is monitoring correctly and mark the vulnerability not applicable (NA).

Open the Exchange Management Shell and enter the following command:

perfmon
Get-MonitoringItemHelp -Identity <String> -Server <ServerIdParameter>

If no sets are defined or queues are not being monitored, this is a finding.

Check Content Reference

M

Target Key

4223

Comments