STIGQter: STIG Summary: MS Exchange 2013 Client Access Server Security Technical Implementation Guide

Version: 1

Release: 3

Benchmark Date: 24 Jan 2020

SV-84337r1_rule Exchange must use Encryption for RPC client access.
SV-84339r2_rule Exchange must use Encryption for OWA access.
SV-84341r2_rule Exchange must have Forms-based Authentication disabled.
SV-84343r1_rule Exchange must have authenticated access set to Integrated Windows Authentication only.
SV-84345r1_rule Exchange must have Administrator audit logging enabled.
SV-84347r1_rule Exchange Servers must use approved DoD certificates.
SV-84349r1_rule Exchange ActiveSync (EAS) must only use certificate-based authentication to access email.
SV-84351r1_rule Exchange must have IIS map client certificates to an approved certificate server.
SV-84353r1_rule Exchange Email Diagnostic log level must be set to lowest level.
SV-84355r1_rule Exchange must have Audit record parameters set.
SV-84357r1_rule Exchange must have Queue monitoring configured with threshold and action.
SV-84359r1_rule Exchange must have Send Fatal Errors to Microsoft disabled.
SV-84361r1_rule Exchange must have Audit data protected against unauthorized read access.
SV-84363r1_rule Exchange must not send Customer Experience reports to Microsoft.
SV-84365r1_rule Exchange must have Audit data protected against unauthorized modification.
SV-84367r1_rule Exchange must have audit data protected against unauthorized deletion.
SV-84369r1_rule Exchange must have Audit data on separate partitions.
SV-84373r1_rule Exchange Local machine policy must require signed scripts.
SV-84375r1_rule Exchange IMAP4 service must be disabled.
SV-84377r1_rule Exchange POP3 service must be disabled.
SV-84379r1_rule Exchange must have the Public Folder virtual directory removed if not in use by the site.
SV-84381r1_rule Exchange must have the Microsoft Active Sync directory removed.
SV-84383r1_rule Exchange application directory must be protected from unauthorized access.
SV-84385r1_rule Exchange software baseline copy must exist.
SV-84387r1_rule Exchange software must be monitored for unauthorized changes.
SV-84389r1_rule Exchange services must be documented and unnecessary services must be removed or disabled.
SV-84391r1_rule Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email.
SV-84393r1_rule Exchange software must be installed on a separate partition from the OS.
SV-84395r1_rule Exchange must provide redundancy.
SV-84397r2_rule Exchange OWA must use https.
SV-84399r1_rule Exchange OWA must have S/MIME Certificates enabled.
SV-84401r1_rule Exchange must have the most current, approved service pack installed.
SV-84403r2_rule Exchange must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.