STIGQter: STIG Summary: Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.

DISA Rule

SV-221269r612603_rule

Vulnerability Number

V-221269

Group Title

SRG-APP-000276

Rule Version

EX16-ED-002410

Severity

CAT II

CCI(s)

• CCI-001240 - The organization updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.

Weight

10

Fix Recommendation

Following vendor best practice guidance, install and configure a third-party malicious code protection application.

Check Contents

Site must utilize an approved DoD third-party malicious code scanner.

Consult with System Administrator to demonstrate the application being used to provide malicious code protection in the Exchange implementation.

If System Administrator is unable to demonstrate a third-party malicious code protection application, this is a finding.

If System Administrator is unaware of a third-party malicious code protection application, this is a finding.

Vulnerability Number

V-221269

Documentable

False

Rule Version

EX16-ED-002410

Severity Override Guidance

Site must utilize an approved DoD third-party malicious code scanner.

Consult with System Administrator to demonstrate the application being used to provide malicious code protection in the Exchange implementation.

If System Administrator is unable to demonstrate a third-party malicious code protection application, this is a finding.

If System Administrator is unaware of a third-party malicious code protection application, this is a finding.

Check Content Reference

M

Target Key

4079

Comments