| Checked | Name | Title |
|---|
| ☐ | SV-84337r1_rule | Exchange must use Encryption for RPC client access. |
| ☐ | SV-84339r2_rule | Exchange must use Encryption for OWA access. |
| ☐ | SV-84341r2_rule | Exchange must have Forms-based Authentication disabled. |
| ☐ | SV-84343r1_rule | Exchange must have authenticated access set to Integrated Windows Authentication only. |
| ☐ | SV-84345r1_rule | Exchange must have Administrator audit logging enabled. |
| ☐ | SV-84347r1_rule | Exchange Servers must use approved DoD certificates. |
| ☐ | SV-84349r1_rule | Exchange ActiveSync (EAS) must only use certificate-based authentication to access email. |
| ☐ | SV-84351r1_rule | Exchange must have IIS map client certificates to an approved certificate server. |
| ☐ | SV-84353r1_rule | Exchange Email Diagnostic log level must be set to lowest level. |
| ☐ | SV-84355r1_rule | Exchange must have Audit record parameters set. |
| ☐ | SV-84357r1_rule | Exchange must have Queue monitoring configured with threshold and action. |
| ☐ | SV-84359r1_rule | Exchange must have Send Fatal Errors to Microsoft disabled. |
| ☐ | SV-84361r1_rule | Exchange must have Audit data protected against unauthorized read access. |
| ☐ | SV-84363r1_rule | Exchange must not send Customer Experience reports to Microsoft. |
| ☐ | SV-84365r1_rule | Exchange must have Audit data protected against unauthorized modification. |
| ☐ | SV-84367r1_rule | Exchange must have audit data protected against unauthorized deletion. |
| ☐ | SV-84369r1_rule | Exchange must have Audit data on separate partitions. |
| ☐ | SV-84373r1_rule | Exchange Local machine policy must require signed scripts. |
| ☐ | SV-84375r1_rule | Exchange IMAP4 service must be disabled. |
| ☐ | SV-84377r1_rule | Exchange POP3 service must be disabled. |
| ☐ | SV-84379r1_rule | Exchange must have the Public Folder virtual directory removed if not in use by the site. |
| ☐ | SV-84381r1_rule | Exchange must have the Microsoft Active Sync directory removed. |
| ☐ | SV-84383r1_rule | Exchange application directory must be protected from unauthorized access. |
| ☐ | SV-84385r1_rule | Exchange software baseline copy must exist. |
| ☐ | SV-84387r1_rule | Exchange software must be monitored for unauthorized changes. |
| ☐ | SV-84389r1_rule | Exchange services must be documented and unnecessary services must be removed or disabled. |
| ☐ | SV-84391r1_rule | Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email. |
| ☐ | SV-84393r1_rule | Exchange software must be installed on a separate partition from the OS. |
| ☐ | SV-84395r1_rule | Exchange must provide redundancy. |
| ☐ | SV-84397r2_rule | Exchange OWA must use https. |
| ☐ | SV-84399r1_rule | Exchange OWA must have S/MIME Certificates enabled. |
| ☐ | SV-84401r1_rule | Exchange must have the most current, approved service pack installed. |
| ☐ | SV-84403r2_rule | Exchange must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. |
STIGQter: STIG Summary: