Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Exchange servers must use approved DOD certificates.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., networks, web servers, and web porta...Rule Medium Severity -
Exchange external Receive connectors must be domain secure-enabled.
The Simple Mail Transfer Protocol (SMTP) connector is used by Exchange to send and receive messages from server to server. Several controls work together to provide security between internal server...Rule Medium Severity -
Exchange message tracking logging must be enabled.
A message tracking log provides a detailed log of all message activity as messages are transferred to and from a computer running Exchange. If events are not recorded, it may be difficult or impos...Rule Medium Severity -
Exchange queue monitoring must be configured with threshold and action.
Monitors are automated "process watchers" that respond to performance changes and can be useful in detecting outages and alerting administrators where attention is needed. Exchange has built-in mon...Rule Medium Severity -
Exchange local machine policy must require signed scripts.
Scripts often provide a way for attackers to infiltrate a system, especially scripts downloaded from untrusted locations. By setting machine policy to prevent unauthorized script executions, unanti...Rule Medium Severity -
Exchange must not send customer experience reports to Microsoft.
It is detrimental for applications to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and...Rule Medium Severity -
Exchange queue database must reside on a dedicated partition.
In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and subseque...Rule Medium Severity -
Exchange internet-facing send connectors must specify a Smart Host.
When identifying a "Smart Host" for the email environment, a logical send connector is the preferred method. A Smart Host acts as an internet-facing concentrator for other email servers. Appropria...Rule Medium Severity -
Exchange Outbound Connection Timeout must be 10 minutes or less.
Email system availability depends in part on best practice strategies for setting tuning configurations. This configuration controls the number of idle minutes before the connection is dropped. It ...Rule Medium Severity -
Exchange message size restrictions must be controlled on Send connectors.
Email system availability depends in part on best practice strategies for setting tuning configurations. For message size restrictions, multiple places exist to set or override inbound or outbound ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.