STIGQter: STIG Summary: MS Exchange 2013 Client Access Server Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 24 Jan 2020

Exchange must have the Public Folder virtual directory removed if not in use by the site.

DISA Rule

SV-84379r1_rule

Vulnerability Number

V-69757

Group Title

SRG-APP-000141

Rule Version

EX13-CA-000105

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Open the Exchange Management Shell and enter the following command:

Remove-PublicFolder -Identity 'IdentityName' -Recurse:$True

Note: This command deletes the public folder Directory Folder and all its child public folders.

Check Contents

Review the Email Domain Security Plan (EDSP).

Determine if public folders are being used.

Open the Exchange Management Shell and enter the following command:

Get-PublicFolder | Select Name, Identity

Note: The value returns a root directory and subdirectories.

If public folders are not in use and directories exist, or public folders are being used and are not documented in the EDSP, this is a finding.
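The comparison described in this check can be scripted. The following is an added example, not part of the STIG: the function name, the sample folder identities and the EDSP list file path are assumptions, and the commented live query adds -Recurse to the command above so that child folders are enumerated.

```powershell
# Added example (not from the STIG). Intended for the Exchange Management Shell.
# Compares public folder identities against the list documented in the EDSP.
function Test-PublicFolderFinding {
    param(
        [string[]]$Found      = @(),  # identities returned by Get-PublicFolder
        [string[]]$Documented = @()   # identities listed in the EDSP; empty = not in use
    )
    # -notcontains compares case-insensitively by default.
    $undocumented = @($Found |
        Where-Object { $_ -and ($Documented -notcontains $_) } |
        Sort-Object -Unique)

    # Map the result onto the two finding conditions in the check text.
    $reason = if ($undocumented.Count -eq 0) {
        'No finding'
    } elseif ($Documented.Count -eq 0) {
        'Public folders not in use per EDSP, but directories exist'
    } else {
        'Public folders in use, but not documented in the EDSP'
    }

    [pscustomobject]@{
        Finding      = ($undocumented.Count -gt 0)
        Reason       = $reason
        Undocumented = $undocumented
    }
}

# Live use (the file path is hypothetical; one folder identity per line):
# $found = Get-PublicFolder -Identity '\' -Recurse -ResultSize Unlimited |
#          ForEach-Object { $_.Identity.ToString() }
# $documented = Get-Content 'C:\EDSP\public-folders.txt'
# Test-PublicFolderFinding -Found $found -Documented $documented

# Constructed sample data so the function can be exercised offline.
$sampleFound      = @('\', '\Marketing', '\Marketing\Archive')
$sampleDocumented = @('\', '\Marketing')

# Site documents public folders, one folder is missing from the EDSP: finding.
Test-PublicFolderFinding -Found $sampleFound -Documented $sampleDocumented

# Site states public folders are not in use, yet directories exist: finding.
Test-PublicFolderFinding -Found $sampleFound -Documented @()
```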

Documentable

False

Severity Override Guidance

Review the Email Domain Security Plan (EDSP).

Determine if public folders are being used.

Open the Exchange Management Shell and enter the following command:

Get-PublicFolder | Select Name, Identity

Note: The value returns a root directory and subdirectories.

If public folders are not in use and directories exist, or public folders are being used and are not documented in the EDSP, this is a finding.

Check Content Reference

M

Target Key

3097
