STIGQter: STIG Summary: Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty.

DISA Rule

SV-221246r612603_rule

Vulnerability Number

V-221246

Group Title

SRG-APP-000261

Rule Version

EX16-ED-000500

Severity

CAT II

CCI(s)

• CCI-001308 - The information system automatically updates spam protection mechanisms.

Weight

10

Fix Recommendation

Update the EDSP to reflect the SMTP allow list settings.

Open the Exchange Management Shell and enter the following command:

Note: Remove any value(s) that are not identified by the EDSP or have not obtained a signoff with risk acceptance.

Remove-IPAllowListEntry -Identity <IP Allow List entry ID>

Check Contents

Review the Email Domain Security Plan (EDSP).

Identify the SMTP allow list settings.

Open the Exchange Management Shell and enter the following command:

Get-IPAllowListEntry | fl

If the result returns any values, this is a finding.

or

If the result returns any values but has signoff and risk acceptance in the EDSP, this is not a finding.

Vulnerability Number

V-221246

Documentable

False

Rule Version

EX16-ED-000500

Severity Override Guidance

Review the Email Domain Security Plan (EDSP).

Identify the SMTP allow list settings.

Open the Exchange Management Shell and enter the following command:

Get-IPAllowListEntry | fl

If the result returns any values, this is a finding.

or

If the result returns any values but has signoff and risk acceptance in the EDSP, this is not a finding.

Check Content Reference

M

Target Key

4079

Comments