| Checked | Name | Title |
|---|
| ☐ | SV-84405r1_rule | Exchange must limit the Receive connector timeout. |
| ☐ | SV-84407r1_rule | Exchange servers must use approved DoD certificates. |
| ☐ | SV-84409r1_rule | Exchange must have accepted domains configured. |
| ☐ | SV-84413r1_rule | Exchange external Receive connectors must be domain secure-enabled. |
| ☐ | SV-84415r1_rule | The Exchange email Diagnostic log level must be set to the lowest level. |
| ☐ | SV-84417r1_rule | Exchange Connectivity logging must be enabled. |
| ☐ | SV-84419r1_rule | Exchange Queue monitoring must be configured with threshold and action. |
| ☐ | SV-84421r1_rule | Exchange must not send Customer Experience reports to Microsoft. |
| ☐ | SV-84423r1_rule | Exchange Audit data must be protected against unauthorized access (read access). |
| ☐ | SV-84425r1_rule | Exchange Send Fatal Errors to Microsoft must be disabled. |
| ☐ | SV-84427r1_rule | Exchange audit data must be protected against unauthorized access for modification. |
| ☐ | SV-84429r1_rule | Exchange audit data must be protected against unauthorized access for deletion. |
| ☐ | SV-84431r1_rule | Exchange audit data must be on separate partitions. |
| ☐ | SV-84433r1_rule | The Exchange local machine policy must require signed scripts. |
| ☐ | SV-84435r2_rule | Exchange Internet-facing Send connectors must specify a Smart Host. |
| ☐ | SV-84439r1_rule | Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication. |
| ☐ | SV-84441r1_rule | Exchange Outbound Connection Timeout must be 10 minutes or less. |
| ☐ | SV-84443r1_rule | Exchange Outbound Connection Limit per Domain Count must be controlled. |
| ☐ | SV-84445r1_rule | Exchange Global Outbound Message size must be controlled. |
| ☐ | SV-84449r1_rule | Exchange Send connector connections count must be limited. |
| ☐ | SV-84451r1_rule | Exchange message size restrictions must be controlled on Send connectors. |
| ☐ | SV-84453r1_rule | Exchange Send connectors delivery retries must be controlled. |
| ☐ | SV-84455r1_rule | Exchange Send connectors must be clearly named. |
| ☐ | SV-84457r1_rule | Exchange Receive connector Maximum Hop Count must be 60. |
| ☐ | SV-84459r1_rule | Exchange Receive connectors must be clearly named. |
| ☐ | SV-84461r1_rule | Exchange Receive connectors must control the number of recipients chunked on a single message. |
| ☐ | SV-84477r1_rule | Exchange Receive connectors must control the number of recipients per message. |
| ☐ | SV-84479r1_rule | The Exchange Internet Receive connector connections count must be set to default. |
| ☐ | SV-84481r1_rule | Exchange Message size restrictions must be controlled on Receive connectors. |
| ☐ | SV-84483r2_rule | Exchange messages with a blank sender field must be rejected. |
| ☐ | SV-84485r2_rule | Exchange messages with a blank sender field must be filtered. |
| ☐ | SV-84487r1_rule | Exchange filtered messages must be archived. |
| ☐ | SV-84489r1_rule | The Exchange Sender filter must block unaccepted domains. |
| ☐ | SV-84491r1_rule | Exchange nonexistent recipients must not be blocked. |
| ☐ | SV-84493r1_rule | The Exchange Sender Reputation filter must be enabled. |
| ☐ | SV-84495r1_rule | The Exchange Sender Reputation filter must identify the spam block level. |
| ☐ | SV-84497r2_rule | Exchange Attachment filtering must remove undesirable attachments by file type. |
| ☐ | SV-84499r1_rule | The Exchange Spam Evaluation filter must be enabled. |
| ☐ | SV-84501r2_rule | The Exchange Block List service provider must be identified. |
| ☐ | SV-84503r1_rule | Exchange messages with malformed From address must be rejected. |
| ☐ | SV-84511r1_rule | The Exchange Recipient filter must be enabled. |
| ☐ | SV-84513r1_rule | The Exchange tarpitting interval must be set. |
| ☐ | SV-84515r1_rule | Exchange internal Receive connectors must not allow anonymous connections. |
| ☐ | SV-84517r1_rule | Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty. |
| ☐ | SV-84519r1_rule | The Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List Connection filter must be enabled. |
| ☐ | SV-84521r2_rule | The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. |
| ☐ | SV-84523r1_rule | Exchange must have antispam filtering installed. |
| ☐ | SV-84525r1_rule | Exchange must have antispam filtering enabled. |
| ☐ | SV-84527r1_rule | Exchange must have antispam filtering configured. |
| ☐ | SV-84529r1_rule | Exchange Sender Identification Framework must be enabled. |
| ☐ | SV-84533r1_rule | The Exchange application directory must be protected from unauthorized access. |
| ☐ | SV-84535r1_rule | The Exchange software baseline copy must exist. |
| ☐ | SV-84537r1_rule | Exchange software must be monitored for unauthorized changes. |
| ☐ | SV-84539r1_rule | Exchange services must be documented and unnecessary services must be removed or disabled. |
| ☐ | SV-84541r1_rule | Exchange software must be installed on a separate partition from the OS. |
| ☐ | SV-84543r1_rule | The Exchange SMTP automated banner response must not reveal server details. |
| ☐ | SV-84549r2_rule | Exchange must provide redundancy. |
| ☐ | SV-84551r1_rule | Exchange internal Send connectors must use an authentication level. |
| ☐ | SV-84553r1_rule | Exchange internal Receive connectors must require encryption. |
| ☐ | SV-84555r1_rule | Exchange internal Send connectors must require encryption. |
| ☐ | SV-84557r1_rule | Exchange must have the most current, approved service pack installed. |
| ☐ | SV-84559r1_rule | The applications built-in Malware Agent must be disabled. |
| ☐ | SV-84561r1_rule | A DoD-approved third party Exchange-aware malicious code protection application must be implemented. |
STIGQter: STIG Summary: