STIGQter STIGQter: STIG Summary: Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Exchange email-forwarding SMTP domains must be restricted.

DISA Rule

SV-228378r612748_rule

Vulnerability Number

V-228378

Group Title

SRG-APP-000231

Rule Version

EX16-MB-000300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Update the EDSP to specify any accounts that have been authorized to have email auto-forwarded or verify that this information is documented by the organization.

Open the Exchange Management Shell and enter the following command:

Set- RemoteDomain -Identity <RemoteDomainIdParameter>

Check Contents

Review the Email Domain Security Plan (EDSP) or document that contains this information.

Determine any accounts that have been authorized to have email auto-forwarded.

Note: If email auto-forwarding is not being used, this check is not applicable (NA).

Open the Exchange Management Shell and enter the following commands:

Get-RemoteDomain | Select Name, Identity, DomainName, AutoForwardEnabled

If any domain for a user forwarding SMTP address is not documented in the EDSP, this is a finding.

Note: If no remote SMTP domain matching the mail-enabled user or contact that allows forwarding is configured for users identified with a forwarding address, this function will not work properly.

Vulnerability Number

V-228378

Documentable

False

Rule Version

EX16-MB-000300

Severity Override Guidance

Review the Email Domain Security Plan (EDSP) or document that contains this information.

Determine any accounts that have been authorized to have email auto-forwarded.

Note: If email auto-forwarding is not being used, this check is not applicable (NA).

Open the Exchange Management Shell and enter the following commands:

Get-RemoteDomain | Select Name, Identity, DomainName, AutoForwardEnabled

If any domain for a user forwarding SMTP address is not documented in the EDSP, this is a finding.

Note: If no remote SMTP domain matching the mail-enabled user or contact that allows forwarding is configured for users identified with a forwarding address, this function will not work properly.

Check Content Reference

M

Target Key

4223

Comments