STIGQter: STIG Summary: MS Exchange 2010 Edge Transport Server STIG Version: 1 Release: 15 Benchmark Date: 26 Apr 2019:

Outbound Connection Limit per Domain Count must be controlled.

DISA Rule

SV-44055r2_rule

Vulnerability Number

V-33635

Group Title

Exch-2-201

Rule Version

Exch-2-201

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Open the Exchange Management Shell and enter the following command:

Set-TransportServer -Identity <'ServerUnderReview'> -MaxPerDomainOutboundConnections 20

If an alternate value is desired, obtain signoff with risk acceptance and document in the EDSP.

Check Contents

Obtain the Email Domain Security Plan (EDSP) and locate the value for 'Maximum Domain Connections' and the server under review.

Open the Exchange Management Shell and enter the following command:

Get-TransportServer -Identity
<'ServerUnderReview'> | Select Name, Identity, MaxPerDomainOutboundConnections

If the value of 'MaxPerDomainOutboundConnections' is set to 20 this is not a finding.

If the value of 'MaxPerDomainOutboundConnections' is set to a value other than 20 and has signoff and risk acceptance in the EDSP, this is not a finding.

Vulnerability Number

V-33635

Documentable

False

Rule Version

Exch-2-201

Severity Override Guidance

Obtain the Email Domain Security Plan (EDSP) and locate the value for 'Maximum Domain Connections' and the server under review.

Open the Exchange Management Shell and enter the following command:

Get-TransportServer -Identity
<'ServerUnderReview'> | Select Name, Identity, MaxPerDomainOutboundConnections

If the value of 'MaxPerDomainOutboundConnections' is set to 20 this is not a finding.

If the value of 'MaxPerDomainOutboundConnections' is set to a value other than 20 and has signoff and risk acceptance in the EDSP, this is not a finding.

Check Content Reference

M

Target Key

1995

Comments