STIGQter: STIG Summary: Exchange 2010 Client Access Server STIG, Version: 1, Release: 9, Benchmark Date: 27 Jan 2017

Encryption must be used for OWA access.

DISA Rule

SV-44005r3_rule

Vulnerability Number

V-33585

Group Title

Exch-1-203

Rule Version

Exch-1-203

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the OWA site to require SSL port 443.

Check Contents

Open the Windows PowerShell Modules and enter the following commands:

Import-Module WebAdministration
IIS:
cd Sites
cd "Default Web Site"
cd owa

PS IIS:\Sites\Default Web Site\owa> Get-WebConfigurationProperty -filter /system.webServer/security/access -name sslflags

Review the result and verify only TLSv1.0 or higher is returned. If not, this is a finding.

Vulnerability Number

V-33585

Documentable

False

Rule Version

Exch-1-203

Severity Override Guidance

Open the Windows PowerShell Modules and enter the following commands:

Import-Module WebAdministration
IIS:
cd Sites
cd "Default Web Site"
cd owa

PS IIS:\Sites\Default Web Site\owa> Get-WebConfigurationProperty -filter /system.webServer/security/access -name sslflags

Review the result and verify only TLSv1.0 or higher is returned. If not, this is a finding.

Check Content Reference

M

Target Key

1995

Comments