STIGQter: STIG Summary: MS Exchange 2010 Edge Transport Server STIG Version: 1 Release: 15 Benchmark Date: 26 Apr 2019:

Send Connectors delivery retries must be controlled.

DISA Rule

SV-44006r1_rule

Vulnerability Number

V-33586

Group Title

Exch-2-754

Rule Version

Exch-2-754

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Open the Exchange Management Shell and enter the following command:

Set-TransportServer -Identity <'ServerUnderReview'> -TransientFailureRetryCount 10 or other value as identified by the EDSP.

Check Contents

Obtain the Email Domain Security Plan (EDSP) and locate the value for 'Transient Failure Retry Count'.

Open the Exchange Management Shell and enter the following command:

Get-TransportServer -Identity <'ServerUnderReview'> | Select Name, Identity, TransientFailureRetryCount

If the value of 'TransientFailureRetryCount' is set to 10 or less, this is not a finding.

If the value of 'TransientFailureRetryCount' is set to more than 10, and has signoff and risk acceptance in the EDSP, this is not a finding.

Vulnerability Number

V-33586

Documentable

False

Rule Version

Exch-2-754

Severity Override Guidance

Obtain the Email Domain Security Plan (EDSP) and locate the value for 'Transient Failure Retry Count'.

Open the Exchange Management Shell and enter the following command:

Get-TransportServer -Identity <'ServerUnderReview'> | Select Name, Identity, TransientFailureRetryCount

If the value of 'TransientFailureRetryCount' is set to 10 or less, this is not a finding.

If the value of 'TransientFailureRetryCount' is set to more than 10, and has signoff and risk acceptance in the EDSP, this is not a finding.

Check Content Reference

M

Target Key

1995

Comments