STIGQter: STIG Summary: Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Exchange must use encryption for Outlook Web App (OWA) access.

DISA Rule

SV-228416r684257_rule

Vulnerability Number

V-228416

Group Title

SRG-APP-000014

Rule Version

EX16-MB-002910

Severity

CAT II

CCI(s)

CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

Fix Recommendation

Configure the OWA site to require SSL port 443.

Check Contents

Open a Exchange Management Shell and enter the following command:

Get-OwaVirtualDirectory | select internalurl, externalurl

If the value returned is not https://, this is a finding.

Vulnerability Number

V-228416

Documentable

False

Rule Version

EX16-MB-002910

Severity Override Guidance

Open a Exchange Management Shell and enter the following command:

Get-OwaVirtualDirectory | select internalurl, externalurl

If the value returned is not https://, this is a finding.

Check Content Reference

Target Key

4223

Exchange must use encryption for Outlook Web App (OWA) access.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments