STIGQter: STIG Summary: Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

An Exchange software baseline copy must exist.

DISA Rule

SV-228401r612748_rule

Vulnerability Number

V-228401

Group Title

SRG-APP-000380

Rule Version

EX16-MB-000580

Severity

CAT II

CCI(s)

• CCI-001813 - The information system enforces access restrictions.

Weight

10

Fix Recommendation

Update the EDSP to specify the software baseline, procedures, and implementation artifacts or verify that this information is documented by the organization.

Check Contents

Review the Email Domain Security Plan (EDSP) or document that contains this information.

Determine the software baseline.

Review the application software baseline procedures and implementation artifacts.

Note the list of files and directories included in the baseline procedure for completeness.

If an email software copy exists to serve as a baseline and is available for comparison during scanning efforts, this is not a finding.

Vulnerability Number

V-228401

Documentable

False

Rule Version

EX16-MB-000580

Severity Override Guidance

Review the Email Domain Security Plan (EDSP) or document that contains this information.

Determine the software baseline.

Review the application software baseline procedures and implementation artifacts.

Note the list of files and directories included in the baseline procedure for completeness.

If an email software copy exists to serve as a baseline and is available for comparison during scanning efforts, this is not a finding.

Check Content Reference

M

Target Key

4223

Comments