STIGQter: STIG Summary: MS Exchange 2013 Client Access Server Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jan 2020:

Exchange POP3 service must be disabled.

DISA Rule

SV-84377r1_rule

Vulnerability Number

V-69755

Group Title

SRG-APP-000141

Rule Version

EX13-CA-000100

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Open the Windows PowerShell and enter the following command:

services.msc

Navigate to and double-click on Microsoft Exchange POP3 Backend.

Click on the General tab.

In the Startup Type: dropdown, select Disabled.

Click the OK button.

Check Contents

Open the Windows PowerShell and enter the following command:

Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangePOP3' | Select Start

Note: The hklm:\system\currentcontrolset\services\MSExchangePOP3 value must be in quotes.

If the value of Start is not set to 4, this is a finding.

Vulnerability Number

V-69755

Documentable

False

Rule Version

EX13-CA-000100

Severity Override Guidance

Open the Windows PowerShell and enter the following command:

Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangePOP3' | Select Start

Note: The hklm:\system\currentcontrolset\services\MSExchangePOP3 value must be in quotes.

If the value of Start is not set to 4, this is a finding.

Check Content Reference

M

Target Key

3097

Comments