STIGQter STIGQter: STIG Summary:

Exchange 2010 Client Access Server STIG

Version: 1

Release: 9 Benchmark Date: 27 Jan 2017

SV-43979r1_ruleEncryption must be used for RPC client access.
SV-43982r1_ruleThe Microsoft Exchange IMAP4 service must be disabled.
SV-43990r1_ruleThe Microsoft Exchange POP3 service must be disabled.
SV-43991r1_ruleThe Public Folder virtual directory must be removed if not in use by the site.
SV-44003r1_ruleWeb email must use standard ports protocols.
SV-44005r3_ruleEncryption must be used for OWA access.
SV-44008r1_ruleForms-based Authentication must not be enabled.
SV-44026r2_ruleEmail Diagnostic log level must be set to low or lowest level.
SV-44027r2_ruleOutlook Anywhere (OA) clients must use NTLM authentication to access email.
SV-44028r2_ruleThe Send Fatal Errors to Microsoft must be disabled.
SV-44029r2_ruleAdministrator audit logging must be enabled.
SV-44030r1_ruleThe Microsoft Active Sync directory must be removed.
SV-44031r1_ruleAudit data must be protected against unauthorized access.
SV-44033r1_ruleExchange application directory must be protected from unauthorized access.
SV-44036r1_ruleExchange must not send Customer Experience reports to Microsoft.
SV-44037r2_ruleAudit record parameters must be set.
SV-44038r1_ruleAudit data must be on separate partitions.
SV-44039r3_ruleQueue monitoring must be configured with threshold and action.
SV-44040r1_ruleEmail software must be monitored for change on INFOCON frequency schedule.
SV-44041r1_ruleExchange software baseline copy must exist.
SV-44043r2_ruleServices must be documented and unnecessary services must be removed or disabled.
SV-44045r2_ruleEmail application must not share a partition with another application.
SV-44046r2_ruleServers must use approved DoD certificates.
SV-44049r3_ruleThe current, approved service pack must be installed.
SV-44052r1_ruleLocal machine policy must require signed scripts.
SV-44065r2_ruleHTTP authenticated access must be set to Integrated Windows Authentication only.
SV-50983r2_ruleExchange ActiveSync (EAS) must only use certificate-based authentication to access email.
SV-50988r2_ruleIIS must map client certificates to an approved certificate server