STIGQter: STIG Summary: MS Exchange 2013 Client Access Server Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jan 2020:

Exchange must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.

DISA Rule

SV-84403r2_rule

Vulnerability Number

V-69781

Group Title

SRG-APP-000516

Rule Version

EX13-CA-000165

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure web ports to be 80, 81 and 443, 444, as specified by PPSM standards.

Check Contents

Open a Windows PowerShell Module and enter the following commands:

Get-Website | Select Name

Get-WebBinding -Name <'WebSiteName'> | Format-List

If the Web binding values returned are not on standard port 80 and 81 for HTTP connections or port 443 and 444 for HTTPS connections, this is a finding.

Repeat the process for each website.

Vulnerability Number

V-69781

Documentable

False

Rule Version

EX13-CA-000165

Severity Override Guidance

Open a Windows PowerShell Module and enter the following commands:

Get-Website | Select Name

Get-WebBinding -Name <'WebSiteName'> | Format-List

If the Web binding values returned are not on standard port 80 and 81 for HTTP connections or port 443 and 444 for HTTPS connections, this is a finding.

Repeat the process for each website.

Check Content Reference

M

Target Key

3097

Comments