STIGQter: STIG Summary:| Checked | Name | Title |
|---|---|---|
| ☐ | SV-207267r615936_rule | Exchange must have Administrator audit logging enabled. |
| ☐ | SV-207268r615936_rule | Exchange Servers must use approved DoD certificates. |
| ☐ | SV-207269r615936_rule | Exchange auto-forwarding email to remote domains must be disabled or restricted. |
| ☐ | SV-207270r615936_rule | Exchange Connectivity logging must be enabled. |
| ☐ | SV-207271r615936_rule | The Exchange Email Diagnostic log level must be set to the lowest level. |
| ☐ | SV-207272r615936_rule | Exchange Audit record parameters must be set. |
| ☐ | SV-207273r615936_rule | Exchange Circular Logging must be disabled. |
| ☐ | SV-207274r615936_rule | Exchange Email Subject Line logging must be disabled. |
| ☐ | SV-207275r615936_rule | Exchange Message Tracking Logging must be enabled. |
| ☐ | SV-207276r615936_rule | Exchange Queue monitoring must be configured with threshold and action. |
| ☐ | SV-207277r615936_rule | Exchange Send Fatal Errors to Microsoft must be disabled. |
| ☐ | SV-207278r615936_rule | Exchange must protect audit data against unauthorized read access. |
| ☐ | SV-207279r615936_rule | Exchange must not send Customer Experience reports to Microsoft. |
| ☐ | SV-207280r615936_rule | Exchange must protect audit data against unauthorized access. |
| ☐ | SV-207281r615936_rule | Exchange must protect audit data against unauthorized deletion. |
| ☐ | SV-207282r615936_rule | Exchange Audit data must be on separate partitions. |
| ☐ | SV-207283r615936_rule | Exchange Local machine policy must require signed scripts. |
| ☐ | SV-207284r615936_rule | The Exchange IMAP4 service must be disabled. |
| ☐ | SV-207285r615936_rule | The Exchange POP3 service must be disabled. |
| ☐ | SV-207286r615936_rule | Exchange Mailbox databases must reside on a dedicated partition. |
| ☐ | SV-207287r615936_rule | Exchange Internet-facing Send connectors must specify a Smart Host. |
| ☐ | SV-207288r615936_rule | Exchange internal Receive connectors must require encryption. |
| ☐ | SV-207289r615936_rule | Exchange internal Receive connectors must use Domain Security (mutual authentication Transport Layer Security). |
| ☐ | SV-207290r615936_rule | Exchange internal Send connectors must require encryption. |
| ☐ | SV-207291r615936_rule | Exchange Public Folder stores must be retained until backups are complete. |
| ☐ | SV-207292r615936_rule | The Exchange Public Folder database must not be overwritten by a restore. |
| ☐ | SV-207293r615936_rule | Exchange Mailboxes must be retained until backups are complete. |
| ☐ | SV-207294r615936_rule | The Exchange Mailbox database must not be overwritten by a restore. |
| ☐ | SV-207295r615936_rule | Exchange email forwarding must be restricted. |
| ☐ | SV-207296r615936_rule | Exchange email-forwarding SMTP domains must be restricted. |
| ☐ | SV-207297r615936_rule | Exchange Mail quota settings must not restrict receiving mail. |
| ☐ | SV-207298r615936_rule | Exchange Mail Quota settings must not restrict receiving mail. |
| ☐ | SV-207299r615936_rule | The Exchange Mail Store storage quota must issue a warning. |
| ☐ | SV-207300r615936_rule | Exchange Mailbox Stores must mount at startup. |
| ☐ | SV-207301r615936_rule | Exchange Message size restrictions must be controlled on Receive connectors. |
| ☐ | SV-207302r615936_rule | Exchange Receive connectors must control the number of recipients per message. |
| ☐ | SV-207303r615936_rule | Exchange Receive connectors must be clearly named. |
| ☐ | SV-207304r615936_rule | The Exchange Receive Connector Maximum Hop Count must be 60. |
| ☐ | SV-207305r615936_rule | Exchange Send connectors must be clearly named. |
| ☐ | SV-207306r615936_rule | Exchange Send connectors delivery retries must be controlled. |
| ☐ | SV-207307r615936_rule | Exchange Message size restrictions must be controlled on Send connectors. |
| ☐ | SV-207308r615936_rule | The Exchange Send connector connections count must be limited. |
| ☐ | SV-207309r615936_rule | The Exchange global inbound message size must be controlled. |
| ☐ | SV-207310r615936_rule | The Exchange global outbound message size must be controlled. |
| ☐ | SV-207311r615936_rule | The Exchange Outbound Connection Limit per Domain Count must be controlled. |
| ☐ | SV-207312r615936_rule | The Exchange Outbound Connection Timeout must be 10 minutes or less. |
| ☐ | SV-207313r615936_rule | Exchange Internal Receive connectors must not allow anonymous connections. |
| ☐ | SV-207314r615936_rule | Exchange external/Internet-bound automated response messages must be disabled. |
| ☐ | SV-207315r615936_rule | Exchange must have antispam filtering installed. |
| ☐ | SV-207316r615936_rule | Exchange must have antispam filtering enabled. |
| ☐ | SV-207317r615936_rule | Exchange must have antispam filtering configured. |
| ☐ | SV-207318r615936_rule | Exchange must not send automated replies to remote domains. |
| ☐ | SV-207319r615936_rule | Exchange servers must have an approved DoD email-aware virus protection software installed. |
| ☐ | SV-207320r615936_rule | The Exchange Global Recipient Count Limit must be set. |
| ☐ | SV-207321r615936_rule | The Exchange Receive connector timeout must be limited. |
| ☐ | SV-207322r615936_rule | The Exchange Public Store storage quota must be limited. |
| ☐ | SV-207323r615936_rule | The Exchange application directory must be protected from unauthorized access. |
| ☐ | SV-207324r615936_rule | An Exchange software baseline copy must exist. |
| ☐ | SV-207325r615936_rule | Exchange software must be monitored for unauthorized changes. |
| ☐ | SV-207326r615936_rule | Exchange services must be documented and unnecessary services must be removed or disabled. |
| ☐ | SV-207327r615936_rule | Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email. |
| ☐ | SV-207328r615936_rule | The Exchange Email application must not share a partition with another application. |
| ☐ | SV-207329r615936_rule | Exchange must not send delivery reports to remote domains. |
| ☐ | SV-207330r615936_rule | Exchange must not send nondelivery reports to remote domains. |
| ☐ | SV-207331r615936_rule | The Exchange SMTP automated banner response must not reveal server details. |
| ☐ | SV-207332r615936_rule | Exchange must provide Mailbox databases in a highly available and redundant configuration. |
| ☐ | SV-207333r615936_rule | Exchange must have the most current, approved service pack installed. |
| ☐ | SV-207334r615936_rule | Exchange Public Folder Stores must mount at startup. |
| ☐ | SV-207335r615936_rule | The applications built-in Malware Agent must be disabled. |
| ☐ | SV-207336r615936_rule | A DoD-approved third party Exchange-aware malicious code protection application must be implemented. |