STIGQter: STIG Summary: Microsoft Exchange 2013 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Exchange Public Store storage quota must be limited.

DISA Rule

SV-207322r615936_rule

Vulnerability Number

V-207322

Group Title

SRG-APP-000367

Rule Version

EX13-MB-000280

Severity

CAT III

CCI(s)

• CCI-001879 - The information system provides a report generation capability that supports on-demand reporting requirements.

Weight

10

Fix Recommendation

Update the EDSP.

Open the Exchange Management Shell and enter the following command:

Set-PublicFolderDatabase -Identity <'IdentityName'> -ProhibitPostQuota <'QuotaLimit'>

Note: The <IdentityName> and <QuotaLimit> values must be in quotes.

Check Contents

If public folders are not used, this check is not applicable.

Review the Email Domain Security Plan (EDSP).

Determine the value for ProhibitPostQuota.

Open the Exchange Management Shell and enter the following command:

Get-PublicFolderDatabase | Select Name, Identity, ProhibitPostQuota

If the value of ProhibitPostQuota is not set to the ProhibitPostQuota values documented in the EDSP, this is a finding.

Vulnerability Number

V-207322

Documentable

False

Rule Version

EX13-MB-000280

Severity Override Guidance

If public folders are not used, this check is not applicable.

Review the Email Domain Security Plan (EDSP).

Determine the value for ProhibitPostQuota.

Open the Exchange Management Shell and enter the following command:

Get-PublicFolderDatabase | Select Name, Identity, ProhibitPostQuota

If the value of ProhibitPostQuota is not set to the ProhibitPostQuota values documented in the EDSP, this is a finding.

Check Content Reference

M

Target Key

2923

Comments