STIGQter: STIG Summary: Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

The Exchange Global Recipient Count Limit must be set.

DISA Rule

SV-228398r612748_rule

Vulnerability Number

V-228398

Group Title

SRG-APP-000261

Rule Version

EX16-MB-000540

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Update the EDSP to specify the global maximum message recipient count.

Set-TransportConfig -MaxRecipientEnvelopeLimit 5000

or

Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance.

Restart the Microsoft Exchange Information Store service.

Check Contents

Review the Email Domain Security Plan (EDSP).

Determine the global maximum message recipient count.

Open the Exchange Management Shell and enter the following command:

Get-TransportConfig | Select Name, Identity, MaxRecipientEnvelopeLimit

If the value of "MaxRecipientEnvelopeLimit" is not set to "5000", this is a finding.

or

If "MaxRecipientEnvelopeLimit" is set to an alternate value and has signoff and risk acceptance in the EDSP, this is not a finding.
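The check above can be scripted so the result is recorded the same way on every server. The following is an added example, not part of the STIG or of Exchange: the function name `Test-RecipientLimitFinding`, its parameters and the output field names are hypothetical, and the EDSP-approved value has to be supplied by the reviewer from the signed plan.

```powershell
# Added example: evaluates V-228398 from the output of Get-TransportConfig.
# Test-RecipientLimitFinding and -EdspApprovedLimit are hypothetical names.
function Test-RecipientLimitFinding {
    [CmdletBinding()]
    param(
        # Object carrying MaxRecipientEnvelopeLimit (output of Get-TransportConfig).
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$TransportConfig,

        # Alternate value with signoff and risk acceptance in the EDSP, if one exists.
        [Nullable[int]]$EdspApprovedLimit
    )
    process {
        # Compare as text so the check also works on deserialized objects
        # from a remote session, and on a setting that is not a plain number.
        $actual = "$($TransportConfig.MaxRecipientEnvelopeLimit)".Trim()

        $parsed = 0
        $isNumeric = [int]::TryParse($actual, [ref]$parsed)

        if ($actual -eq '5000') {
            $status = 'NotAFinding'; $reason = 'Matches the STIG value of 5000.'
        }
        elseif ($isNumeric -and $null -ne $EdspApprovedLimit -and $parsed -eq $EdspApprovedLimit) {
            $status = 'NotAFinding'; $reason = 'Matches the alternate value supplied from the EDSP.'
        }
        elseif (-not $isNumeric) {
            $status = 'Open'; $reason = "No numeric recipient limit is configured ('$actual')."
        }
        else {
            $status = 'Open'; $reason = 'Value is neither 5000 nor an EDSP-approved alternate.'
        }

        [pscustomobject]@{
            VulnId  = 'V-228398'
            RuleVer = 'EX16-MB-000540'
            Actual  = $actual
            Status  = $status
            Reason  = $reason
        }
    }
}

# On an Exchange server: Get-TransportConfig | Test-RecipientLimitFinding
# Constructed sample inputs (not real server output):
[pscustomobject]@{ MaxRecipientEnvelopeLimit = 5000 }        | Test-RecipientLimitFinding
[pscustomobject]@{ MaxRecipientEnvelopeLimit = 'Unlimited' } | Test-RecipientLimitFinding
[pscustomobject]@{ MaxRecipientEnvelopeLimit = 2000 }        | Test-RecipientLimitFinding -EdspApprovedLimit 2000
```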

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4223