Skip to content

Exchange 2010 Client Access Server STIG

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Exch-1-002

    <GroupDescription></GroupDescription>
    Group
  • Encryption must be used for RPC client access.

    &lt;VulnDiscussion&gt;This setting controls whether client machines are forced to use secure channels to communicate with the server. If this feat...
    Rule Medium Severity
  • Exch-1-005

    <GroupDescription></GroupDescription>
    Group
  • The Microsoft Exchange POP3 service must be disabled.

    &lt;VulnDiscussion&gt;The POP3 protocol is not approved for use within the DoD. It uses a clear text based user name and password and does not supp...
    Rule Medium Severity
  • Exch-1-103

    <GroupDescription></GroupDescription>
    Group
  • Exch-2-826

    <GroupDescription></GroupDescription>
    Group
  • The Microsoft Exchange IMAP4 service must be disabled.

    &lt;VulnDiscussion&gt;The IMAP4 protocol is not approved for use within the DoD. It uses a clear text based user name and password and does not sup...
    Rule Medium Severity
  • Exch-1-008

    <GroupDescription></GroupDescription>
    Group
  • Exchange application directory must be protected from unauthorized access.

    &lt;VulnDiscussion&gt;Default product installations may provide more generous access permissions than are necessary to run the application. By exa...
    Rule Medium Severity
  • Exch-2-831

    <GroupDescription></GroupDescription>
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules