STIGQter STIGQter: STIG Summary:

Exchange 2010 Hub Transport Server STIG

Version: 1

Release: 12 Benchmark Date: 27 Jan 2017

SV-43981r3_ruleMessage size restrictions must be controlled on Receive connectors.
SV-43984r1_ruleReceive Connector timeout must be limited.
SV-43986r1_ruleInternal Receive Connectors must not allow anonymous connections.
SV-43987r1_ruleInternal Receive Connectors must require encryption.
SV-43992r2_ruleReceive Connectors must control the number of recipients per message.
SV-43995r1_ruleReceive Connectors must be clearly named.
SV-43996r2_ruleAuto-forwarding email to remote domains must be disabled or restricted.
SV-43999r2_ruleReceive Connector Maximum Hop Count must be 60.
SV-44004r1_ruleSend Connectors must be clearly named.
SV-44006r1_ruleSend Connectors delivery retries must be controlled.
SV-44007r3_ruleMessage size restrictions must be controlled on Send connectors.
SV-44009r1_ruleSend Connector connections count must be limited.
SV-44010r1_ruleInternal Send Connectors must use Domain Security (Mutual Authentication TLS).
SV-44012r3_ruleInternal Send Connectors must require encryption.
SV-44014r2_ruleInternet facing send Connectors must specify a Smart Host.
SV-44016r1_ruleConnectivity logging must be enabled.
SV-44018r1_ruleExchange must not send delivery reports to remote domains.
SV-44019r1_ruleExchange must not send non-delivery reports to remote domains.
SV-44021r1_ruleExternal/Internet bound automated response messages must be disabled.
SV-44023r1_ruleExchange must not send auto replies to remote domains.
SV-44026r2_ruleEmail Diagnostic log level must be set to low or lowest level.
SV-44028r2_ruleThe Send Fatal Errors to Microsoft must be disabled.
SV-44029r2_ruleAdministrator audit logging must be enabled.
SV-44031r1_ruleAudit data must be protected against unauthorized access.
SV-44033r1_ruleExchange application directory must be protected from unauthorized access.
SV-44036r1_ruleExchange must not send Customer Experience reports to Microsoft.
SV-44037r2_ruleAudit record parameters must be set.
SV-44038r1_ruleAudit data must be on separate partitions.
SV-44039r3_ruleQueue monitoring must be configured with threshold and action.
SV-44040r1_ruleEmail software must be monitored for change on INFOCON frequency schedule.
SV-44041r1_ruleExchange software baseline copy must exist.
SV-44043r2_ruleServices must be documented and unnecessary services must be removed or disabled.
SV-44044r1_ruleGlobal inbound message size must be controlled.
SV-44045r2_ruleEmail application must not share a partition with another application.
SV-44046r2_ruleServers must use approved DoD certificates.
SV-44047r2_ruleGlobal outbound message size must be controlled.
SV-44049r3_ruleThe current, approved service pack must be installed.
SV-44050r1_ruleGlobal recipient count limit must be set.
SV-44052r1_ruleLocal machine policy must require signed scripts.
SV-44054r1_ruleSMTP automated banner response must not reveal server details.
SV-44055r2_ruleOutbound Connection Limit per Domain Count must be controlled.
SV-44066r1_ruleOutbound Connection Timeout must be 10 or less.
SV-75445r1_ruleInternal Send Connectors must use an authentication level