STIGQter: STIG Summary:| Checked | Name | Title |
|---|---|---|
| ☐ | SV-221202r612603_rule | Exchange must limit the Receive connector timeout. |
| ☐ | SV-221203r612603_rule | Exchange servers must use approved DoD certificates. |
| ☐ | SV-221204r612603_rule | Exchange must have accepted domains configured. |
| ☐ | SV-221205r612603_rule | Exchange must have auto-forwarding of email to remote domains disabled or restricted. |
| ☐ | SV-221206r612603_rule | Exchange external Receive connectors must be domain secure-enabled. |
| ☐ | SV-221207r612603_rule | The Exchange email Diagnostic log level must be set to the lowest level. |
| ☐ | SV-221208r612603_rule | Exchange Connectivity logging must be enabled. |
| ☐ | SV-221209r612603_rule | Exchange Queue monitoring must be configured with threshold and action. |
| ☐ | SV-221210r612603_rule | Exchange must not send Customer Experience reports to Microsoft. |
| ☐ | SV-221211r612603_rule | Exchange Audit data must be protected against unauthorized access (read access). |
| ☐ | SV-221212r612603_rule | Exchange Send Fatal Errors to Microsoft must be disabled. |
| ☐ | SV-221213r612603_rule | Exchange audit data must be protected against unauthorized access for modification. |
| ☐ | SV-221214r612603_rule | Exchange audit data must be protected against unauthorized access for deletion. |
| ☐ | SV-221215r612603_rule | Exchange audit data must be on separate partitions. |
| ☐ | SV-221216r612603_rule | The Exchange local machine policy must require signed scripts. |
| ☐ | SV-221217r612603_rule | Exchange Internet-facing Send connectors must specify a Smart Host. |
| ☐ | SV-221218r612603_rule | Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security). |
| ☐ | SV-221219r612603_rule | Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication. |
| ☐ | SV-221220r612603_rule | Exchange Outbound Connection Timeout must be 10 minutes or less. |
| ☐ | SV-221221r612603_rule | Exchange Outbound Connection Limit per Domain Count must be controlled. |
| ☐ | SV-221222r612603_rule | Exchange Send connector connections count must be limited. |
| ☐ | SV-221223r612603_rule | Exchange message size restrictions must be controlled on Send connectors. |
| ☐ | SV-221224r612603_rule | Exchange Send connectors delivery retries must be controlled. |
| ☐ | SV-221225r612603_rule | Exchange Send connectors must be clearly named. |
| ☐ | SV-221226r612603_rule | Exchange Receive connector Maximum Hop Count must be 60. |
| ☐ | SV-221227r612603_rule | Exchange Receive connectors must be clearly named. |
| ☐ | SV-221228r612603_rule | Exchange Receive connectors must control the number of recipients chunked on a single message. |
| ☐ | SV-221229r612603_rule | Exchange Receive connectors must control the number of recipients per message. |
| ☐ | SV-221230r612603_rule | The Exchange Internet Receive connector connections count must be set to default. |
| ☐ | SV-221231r612603_rule | Exchange Message size restrictions must be controlled on Receive connectors. |
| ☐ | SV-221232r612603_rule | Exchange messages with a blank sender field must be rejected. |
| ☐ | SV-221233r612603_rule | Exchange messages with a blank sender field must be filtered. |
| ☐ | SV-221234r612603_rule | Exchange filtered messages must be archived. |
| ☐ | SV-221235r612603_rule | The Exchange Sender filter must block unaccepted domains. |
| ☐ | SV-221236r612603_rule | Exchange nonexistent recipients must not be blocked. |
| ☐ | SV-221237r612603_rule | The Exchange Sender Reputation filter must be enabled. |
| ☐ | SV-221238r612603_rule | The Exchange Sender Reputation filter must identify the spam block level. |
| ☐ | SV-221239r612603_rule | Exchange Attachment filtering must remove undesirable attachments by file type. |
| ☐ | SV-221240r612603_rule | The Exchange Spam Evaluation filter must be enabled. |
| ☐ | SV-221241r612603_rule | The Exchange Block List service provider must be identified. |
| ☐ | SV-221242r612603_rule | Exchange messages with a malformed From address must be rejected. |
| ☐ | SV-221243r612603_rule | The Exchange Recipient filter must be enabled. |
| ☐ | SV-221244r612603_rule | The Exchange tarpitting interval must be set. |
| ☐ | SV-221245r612603_rule | Exchange internal Receive connectors must not allow anonymous connections. |
| ☐ | SV-221246r612603_rule | Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty. |
| ☐ | SV-221247r612603_rule | The Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List Connection filter must be enabled. |
| ☐ | SV-221248r612603_rule | The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. |
| ☐ | SV-221249r612603_rule | Exchange must have antispam filtering installed. |
| ☐ | SV-221250r612603_rule | Exchange must have antispam filtering enabled. |
| ☐ | SV-221251r612603_rule | Exchange must have antispam filtering configured. |
| ☐ | SV-221252r612603_rule | Exchange Sender Identification Framework must be enabled. |
| ☐ | SV-221253r612603_rule | Exchange must render hyperlinks from email sources from non-.mil domains as unclickable. |
| ☐ | SV-221254r612603_rule | The Exchange application directory must be protected from unauthorized access. |
| ☐ | SV-221255r612603_rule | The Exchange software baseline copy must exist. |
| ☐ | SV-221256r612603_rule | Exchange services must be documented and unnecessary services must be removed or disabled. |
| ☐ | SV-221257r612603_rule | Exchange software must be installed on a separate partition from the OS. |
| ☐ | SV-221258r612603_rule | The Exchange SMTP automated banner response must not reveal server details. |
| ☐ | SV-221259r612603_rule | Exchange must provide redundancy. |
| ☐ | SV-221260r612603_rule | Exchange internal Send connectors must use an authentication level. |
| ☐ | SV-221261r612603_rule | Exchange internal Receive connectors must require encryption. |
| ☐ | SV-221262r612603_rule | Exchange internal Send connectors must require encryption. |
| ☐ | SV-221263r612603_rule | Exchange must have the most current, approved service pack installed. |
| ☐ | SV-221264r612603_rule | The application must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days. |
| ☐ | SV-221265r612603_rule | The application must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days. |
| ☐ | SV-221266r612603_rule | The application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. |
| ☐ | SV-221267r612603_rule | The application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. |
| ☐ | SV-221268r612603_rule | The application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. |
| ☐ | SV-221269r612603_rule | The application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. |
| ☐ | SV-221270r612603_rule | The applications built-in Malware Agent must be disabled. |