STIGQter: STIG Summary: Microsoft Exchange 2013 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

The Exchange Global Recipient Count Limit must be set.

DISA Rule

SV-207320r615936_rule

Vulnerability Number

V-207320

Group Title

SRG-APP-000261

Rule Version

EX13-MB-000270

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Update the EDSP.

Set-TransportConfig -MaxRecipientEnvelopeLimit 5000

or

The value as identified by the EDSP that has obtained a signoff with risk acceptance.

Restart the Microsoft Exchange Information Store service.

Check Contents

Review the Email Domain Security Plan (EDSP).

Determine the global maximum message recipient count.

Open the Exchange Management Shell and enter the following command:

Get-TransportConfig | Select Name, Identity, MaxRecipientEnvelopeLimit

If the value of MaxRecipientEnvelopeLimit is not set to 5000, this is a finding.

or

If the value of MaxRecipientEnvelopeLimit is set to an alternate value and has signoff and risk acceptance in the EDSP, this is not a finding.
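
The check above expressed as a script, as an added example that is not part of the STIG or of STIGQter: the function name `Test-GlobalRecipientLimit`, its `-EdspApprovedLimit` parameter and the sample objects are assumptions made for illustration. It compares the string form of the value so that it also works on the deserialized objects a remote Exchange Management Shell session returns, and it assumes an EDSP-approved alternate is always numeric, so `Unlimited` is reported as a finding.

```powershell
function Test-GlobalRecipientLimit {
    [CmdletBinding()]
    param(
        # Object returned by Get-TransportConfig, or a constructed stand-in.
        [Parameter(Mandatory = $true)] $TransportConfig,
        # Alternate limit recorded in the EDSP with signoff and risk acceptance.
        # Hypothetical parameter: the reviewer supplies it from the EDSP.
        [Nullable[int]] $EdspApprovedLimit
    )

    # Work on the string form: it is "5000" or "Unlimited" whether the property
    # is a live Unlimited<int> or a deserialized value from a remote session.
    $raw      = [string]$TransportConfig.MaxRecipientEnvelopeLimit
    $limit    = 0
    $isNumber = [int]::TryParse($raw, [ref]$limit)

    $status = 'Finding'
    $reason = "MaxRecipientEnvelopeLimit is '$raw'; expected 5000 or an EDSP-approved value"

    if ($isNumber -and $limit -eq 5000) {
        $status = 'NotAFinding'
        $reason = 'Value is 5000'
    }
    elseif ($isNumber -and $null -ne $EdspApprovedLimit -and $limit -eq $EdspApprovedLimit) {
        $status = 'NotAFinding'
        $reason = "Value matches the EDSP-approved alternate ($EdspApprovedLimit)"
    }

    [pscustomobject]@{
        Rule   = 'EX13-MB-000270'
        Value  = $raw
        Status = $status
        Reason = $reason
    }
}

# Constructed sample objects standing in for Get-TransportConfig output.
$compliant = [pscustomobject]@{ MaxRecipientEnvelopeLimit = '5000' }
$alternate = [pscustomobject]@{ MaxRecipientEnvelopeLimit = '2500' }
$unlimited = [pscustomobject]@{ MaxRecipientEnvelopeLimit = 'Unlimited' }

Test-GlobalRecipientLimit -TransportConfig $compliant                          # NotAFinding
Test-GlobalRecipientLimit -TransportConfig $alternate                          # Finding
Test-GlobalRecipientLimit -TransportConfig $alternate -EdspApprovedLimit 2500  # NotAFinding
Test-GlobalRecipientLimit -TransportConfig $unlimited                          # Finding

# On an Exchange server: Test-GlobalRecipientLimit -TransportConfig (Get-TransportConfig)
```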

Documentable

False

Severity Override Guidance

Review the Email Domain Security Plan (EDSP).

Determine the global maximum message recipient count.

Open the Exchange Management Shell and enter the following command:

Get-TransportConfig | Select Name, Identity, MaxRecipientEnvelopeLimit

If the value of MaxRecipientEnvelopeLimit is not set to 5000, this is a finding.

or

If the value of MaxRecipientEnvelopeLimit is set to an alternate value and has signoff and risk acceptance in the EDSP, this is not a finding.

Check Content Reference

M

Target Key

2923
