STIGQter: STIG Summary: Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Exchange must have anti-spam filtering enabled.

DISA Rule

SV-228394r612748_rule

Vulnerability Number

V-228394

Group Title

SRG-APP-000261

Rule Version

EX16-MB-000500

Severity

CAT II

CCI(s)

CCI-001308 - The information system automatically updates spam protection mechanisms.

Weight

Fix Recommendation

Update the EDSP with the anti-spam mechanism used.

Open the Exchange Management Shell and enter the following command for any values that were not set to "True":

Set-ContentFilterConfig -Enabled $true

Set-SenderFilterConfig -Enabled $true

Set-SenderIDConfig -Enabled $true

Set-SenderReputationConfig -Enabled $true

Check Contents

Review the Email Domain Security Plan (EDSP).

Note: If using another DoD-approved anti-spam product for email or a DoD-approved email gateway spamming device, such as Enterprise Email Security Gateway (EEMSG), this is not applicable (NA).

Open the Exchange Management Shell and enter the following command:

Get-ContentFilterConfig | Format-Table Name,Enabled; Get-SenderFilterConfig | Format-Table Name,Enabled; Get-SenderIDConfig | Format-Table Name,Enabled; Get-SenderReputationConfig | Format-Table Name,Enabled

If any of the following values returned are not set to "True", this is a finding:

Set-ContentFilterConfig
Set-SenderFilterConfig
Set-SenderIDConfig
Set-SenderReputationConfig

Exchange must have anti-spam filtering enabled.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments