STIGQter: STIG Summary:| Checked | Name | Title |
|---|---|---|
| ☐ | SV-228354r612748_rule | Exchange must have Administrator audit logging enabled. |
| ☐ | SV-228355r612748_rule | Exchange servers must use approved DoD certificates. |
| ☐ | SV-228356r612748_rule | Exchange auto-forwarding email to remote domains must be disabled or restricted. |
| ☐ | SV-228357r612748_rule | Exchange Connectivity logging must be enabled. |
| ☐ | SV-228358r612748_rule | The Exchange Email Diagnostic log level must be set to the lowest level. |
| ☐ | SV-228359r612748_rule | Exchange Audit record parameters must be set. |
| ☐ | SV-228360r612748_rule | Exchange Circular Logging must be disabled. |
| ☐ | SV-228361r612748_rule | Exchange Email Subject Line logging must be disabled. |
| ☐ | SV-228362r612748_rule | Exchange Message Tracking Logging must be enabled. |
| ☐ | SV-228363r612748_rule | Exchange Queue monitoring must be configured with threshold and action. |
| ☐ | SV-228364r612748_rule | Exchange Send Fatal Errors to Microsoft must be disabled. |
| ☐ | SV-228365r612748_rule | Exchange must protect audit data against unauthorized read access. |
| ☐ | SV-228366r612748_rule | Exchange must not send Customer Experience reports to Microsoft. |
| ☐ | SV-228367r612748_rule | Exchange must protect audit data against unauthorized access. |
| ☐ | SV-228368r612748_rule | Exchange must protect audit data against unauthorized deletion. |
| ☐ | SV-228369r612748_rule | Exchange Audit data must be on separate partitions. |
| ☐ | SV-228370r612748_rule | Exchange Local machine policy must require signed scripts. |
| ☐ | SV-228371r612748_rule | The Exchange Internet Message Access Protocol 4 (IMAP4) service must be disabled. |
| ☐ | SV-228372r612748_rule | The Exchange Post Office Protocol 3 (POP3) service must be disabled. |
| ☐ | SV-228373r612748_rule | Exchange Mailbox databases must reside on a dedicated partition. |
| ☐ | SV-228374r612748_rule | Exchange Internet-facing Send connectors must specify a Smart Host. |
| ☐ | SV-228375r612748_rule | Exchange internal Receive connectors must require encryption. |
| ☐ | SV-228376r612748_rule | Exchange Mailboxes must be retained until backups are complete. |
| ☐ | SV-228377r612748_rule | Exchange email forwarding must be restricted. |
| ☐ | SV-228378r612748_rule | Exchange email-forwarding SMTP domains must be restricted. |
| ☐ | SV-228379r612748_rule | Exchange Mail quota settings must not restrict receiving mail. |
| ☐ | SV-228380r612748_rule | Exchange Mail Quota settings must not restrict receiving mail. |
| ☐ | SV-228381r612748_rule | Exchange Mailbox Stores must mount at startup. |
| ☐ | SV-228382r612748_rule | Exchange Message size restrictions must be controlled on Receive connectors. |
| ☐ | SV-228383r612748_rule | Exchange Receive connectors must control the number of recipients per message. |
| ☐ | SV-228384r612748_rule | The Exchange Receive Connector Maximum Hop Count must be 60. |
| ☐ | SV-228385r612748_rule | Exchange Message size restrictions must be controlled on Send connectors. |
| ☐ | SV-228386r612748_rule | The Exchange Send connector connections count must be limited. |
| ☐ | SV-228387r612748_rule | The Exchange global inbound message size must be controlled. |
| ☐ | SV-228388r612748_rule | The Exchange global outbound message size must be controlled. |
| ☐ | SV-228389r612748_rule | The Exchange Outbound Connection Limit per Domain Count must be controlled. |
| ☐ | SV-228390r612748_rule | The Exchange Outbound Connection Timeout must be 10 minutes or less. |
| ☐ | SV-228391r612748_rule | Exchange Internal Receive connectors must not allow anonymous connections. |
| ☐ | SV-228392r612748_rule | Exchange external/Internet-bound automated response messages must be disabled. |
| ☐ | SV-228393r612748_rule | Exchange must have anti-spam filtering installed. |
| ☐ | SV-228394r612748_rule | Exchange must have anti-spam filtering enabled. |
| ☐ | SV-228395r612748_rule | Exchange must have anti-spam filtering configured. |
| ☐ | SV-228396r612748_rule | Exchange must not send automated replies to remote domains. |
| ☐ | SV-228397r612748_rule | Exchange servers must have an approved DoD email-aware virus protection software installed. |
| ☐ | SV-228398r612748_rule | The Exchange Global Recipient Count Limit must be set. |
| ☐ | SV-228399r612748_rule | The Exchange Receive connector timeout must be limited. |
| ☐ | SV-228400r612748_rule | The Exchange application directory must be protected from unauthorized access. |
| ☐ | SV-228401r612748_rule | An Exchange software baseline copy must exist. |
| ☐ | SV-228402r612748_rule | Exchange software must be monitored for unauthorized changes. |
| ☐ | SV-228403r612748_rule | Exchange services must be documented and unnecessary services must be removed or disabled. |
| ☐ | SV-228404r612748_rule | Exchange Outlook Anywhere clients must use NTLM authentication to access email. |
| ☐ | SV-228405r612748_rule | The Exchange Email application must not share a partition with another application. |
| ☐ | SV-228406r612748_rule | Exchange must not send delivery reports to remote domains. |
| ☐ | SV-228407r684255_rule | Exchange must not send nondelivery reports to remote domains. |
| ☐ | SV-228408r612748_rule | The Exchange SMTP automated banner response must not reveal server details. |
| ☐ | SV-228409r612748_rule | Exchange Internal Send connectors must use an authentication level. |
| ☐ | SV-228410r612748_rule | Exchange must provide Mailbox databases in a highly available and redundant configuration. |
| ☐ | SV-228411r612748_rule | Exchange must have the most current, approved service pack installed. |
| ☐ | SV-228412r612748_rule | The application must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. |
| ☐ | SV-228413r612748_rule | The applications built-in Malware Agent must be disabled. |
| ☐ | SV-228415r612748_rule | Exchange must use encryption for RPC client access. |
| ☐ | SV-228416r684257_rule | Exchange must use encryption for Outlook Web App (OWA) access. |
| ☐ | SV-228417r612748_rule | Exchange must have Forms-based Authentication enabled. |
| ☐ | SV-228418r612748_rule | Exchange must have authenticated access set to Integrated Windows Authentication only. |