STIGQter: STIG Summary:| Checked | Name | Title |
|---|---|---|
| ☐ | SV-43976r1_rule | Sender Identification Framework must be enabled. |
| ☐ | SV-43977r2_rule | SMTP Sender Filter must be enabled. |
| ☐ | SV-43978r1_rule | SMTP IP Allow List Connection Filter must be enabled. |
| ☐ | SV-43980r1_rule | SMTP IP Allow List entries must be empty. |
| ☐ | SV-43981r3_rule | Message size restrictions must be controlled on Receive connectors. |
| ☐ | SV-43983r2_rule | Internet Receive Connector connections count must be set to default. |
| ☐ | SV-43985r1_rule | Receive Connector timeout must be limited. |
| ☐ | SV-43986r1_rule | Internal Receive Connectors must not allow anonymous connections. |
| ☐ | SV-43987r1_rule | Internal Receive Connectors must require encryption. |
| ☐ | SV-43988r1_rule | External Receive Connectors must be Domain Secure Enabled. |
| ☐ | SV-43989r1_rule | Internet facing receive connectors must offer TLS before using basic authentication. |
| ☐ | SV-43992r2_rule | Receive Connectors must control the number of recipients per message. |
| ☐ | SV-43994r1_rule | Receive Connectors must control the number of recipients chunked on a single message. |
| ☐ | SV-43995r1_rule | Receive Connectors must be clearly named. |
| ☐ | SV-43996r2_rule | Auto-forwarding email to remote domains must be disabled or restricted. |
| ☐ | SV-43998r1_rule | Tarpitting interval must be set. |
| ☐ | SV-43999r2_rule | Receive Connector Maximum Hop Count must be 60. |
| ☐ | SV-44001r1_rule | Recipient filter must be enabled. |
| ☐ | SV-44004r1_rule | Send Connectors must be clearly named. |
| ☐ | SV-44006r1_rule | Send Connectors delivery retries must be controlled. |
| ☐ | SV-44007r3_rule | Message size restrictions must be controlled on Send connectors. |
| ☐ | SV-44009r1_rule | Send Connector connections count must be limited. |
| ☐ | SV-44010r1_rule | Internal Send Connectors must use Domain Security (Mutual Authentication TLS). |
| ☐ | SV-44012r3_rule | Internal Send Connectors must require encryption. |
| ☐ | SV-44014r2_rule | Internet facing send Connectors must specify a Smart Host. |
| ☐ | SV-44016r1_rule | Connectivity logging must be enabled. |
| ☐ | SV-44026r2_rule | Email Diagnostic log level must be set to low or lowest level. |
| ☐ | SV-44028r2_rule | The Send Fatal Errors to Microsoft must be disabled. |
| ☐ | SV-44031r1_rule | Audit data must be protected against unauthorized access. |
| ☐ | SV-44033r1_rule | Exchange application directory must be protected from unauthorized access. |
| ☐ | SV-44036r1_rule | Exchange must not send Customer Experience reports to Microsoft. |
| ☐ | SV-44038r1_rule | Audit data must be on separate partitions. |
| ☐ | SV-44039r3_rule | Queue monitoring must be configured with threshold and action. |
| ☐ | SV-44040r1_rule | Email software must be monitored for change on INFOCON frequency schedule. |
| ☐ | SV-44041r1_rule | Exchange software baseline copy must exist. |
| ☐ | SV-44042r1_rule | Accepted domains must be configured. |
| ☐ | SV-44043r2_rule | Services must be documented and unnecessary services must be removed or disabled. |
| ☐ | SV-44045r3_rule | Email application must not share a partition with another application. |
| ☐ | SV-44046r2_rule | Servers must use approved DoD certificates. |
| ☐ | SV-44047r2_rule | Global outbound message size must be controlled. |
| ☐ | SV-44049r3_rule | The current, approved service pack must be installed. |
| ☐ | SV-44051r1_rule | Messages with malformed from address must be rejected. |
| ☐ | SV-44052r1_rule | Local machine policy must require signed scripts. |
| ☐ | SV-44053r2_rule | Block list service provider must be identified. |
| ☐ | SV-44054r1_rule | SMTP automated banner response must not reveal server details. |
| ☐ | SV-44055r2_rule | Outbound Connection Limit per Domain Count must be controlled. |
| ☐ | SV-44056r1_rule | SPAM evaluation filter must be enabled. |
| ☐ | SV-44057r2_rule | Attachment filtering must remove undesirable attachments by file type. |
| ☐ | SV-44058r1_rule | Sender reputation filter must identify SPAM block level. |
| ☐ | SV-44059r1_rule | Sender reputation filter must be enabled. |
| ☐ | SV-44060r1_rule | Non-existent recipients must not be blocked. |
| ☐ | SV-44061r1_rule | Sender Filter must block accepted domains at the edge. |
| ☐ | SV-44062r1_rule | Filtered messages must be archived. |
| ☐ | SV-44063r2_rule | Messages with blank sender field must be filtered. |
| ☐ | SV-44064r2_rule | Messages with blank senders must be rejected. |
| ☐ | SV-44066r1_rule | Outbound Connection Timeout must be 10 or less. |
| ☐ | SV-75445r1_rule | Internal Send Connectors must use an authentication level |