Exchange 2010 Client Access Server STIG
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Microsoft Active Sync directory must be removed.
To reduce the vectors through which a server can be attacked, unneeded application components should be disabled or removed. By default, a virtual directory is installed for Active Sync, and the ...Rule Low Severity -
Exch-2-833
Group -
Audit record parameters must be set.
Log files help establish a history of activities, and can be useful in detecting attack attempts. This item declares the fields that must be available in the audit log file in order to adequately...Rule Low Severity -
Exch-2-839
Group -
Audit data must be on separate partitions.
Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. Audit log content must always be consid...Rule Medium Severity -
Exch-2-842
Group -
Queue monitoring must be configured with threshold and action.
Monitors are automated “process watchers” that respond to performance changes, and can be useful in detecting outages and alerting administrators where attention is needed. Exchange has built-in mo...Rule Medium Severity -
Exch-3-003
Group -
Email software must be monitored for change on INFOCON frequency schedule.
The INFOCON system provides a framework within which the Commander USSTRATCOM regional commanders, service chiefs, base/post/camp/station/vessel commanders, or agency directors can increase the mea...Rule Medium Severity -
Exch-3-006
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules