STIGQter: STIG Summary: Exchange 2010 Hub Transport Server STIG Version: 1 Release: 12 Benchmark Date: 27 Jan 2017:

Global recipient count limit must be set.

DISA Rule

SV-44050r1_rule

Vulnerability Number

V-33630

Group Title

Exch-2-017

Rule Version

Exch-2-017

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Set-transportConfig -'MaxRecipientEnvelopeLimit' 5000

Restart the “Microsoft Exchange Information Store” service.

If an alternate value is desired, obtain signoff with risk acceptance and document in the EDSP.

Check Contents

Obtain the Email Domain Security Plan (EDSP) and locate the global maximum message recipient count.

Open the Exchange Management Shell and enter the following command:

Get-TransportConfig | Select Identity, MaxRecipientEnvelopeLimit
If the value of 'MaxRecipientEnvelopeLimit' is set to 5000, this is not a finding.

If the value of 'MaxRecipientEnvelopeLimit' value is set to an alternate value, and has signoff and risk acceptance in the EDSP, this is not a finding.

If the value of 'MaxRecipientEnvelopeLimit' is set to 'Unlimited', this is a finding.

Vulnerability Number

V-33630

Documentable

False

Rule Version

Exch-2-017

Severity Override Guidance

Obtain the Email Domain Security Plan (EDSP) and locate the global maximum message recipient count.

Open the Exchange Management Shell and enter the following command:

Get-TransportConfig | Select Identity, MaxRecipientEnvelopeLimit
If the value of 'MaxRecipientEnvelopeLimit' is set to 5000, this is not a finding.

If the value of 'MaxRecipientEnvelopeLimit' value is set to an alternate value, and has signoff and risk acceptance in the EDSP, this is not a finding.

If the value of 'MaxRecipientEnvelopeLimit' is set to 'Unlimited', this is a finding.

Check Content Reference

M

Target Key

1995

Comments