Skip to content
Log In

Microsoft Exchange 2013 Client Access Server Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Exchange software baseline copy must exist.

    Exchange software, as with other application software installed on a host system, must be included in a system baseline record and periodically reviewed; otherwise, unauthorized changes to the soft...
    Rule Medium Severity
    Show

  • SRG-APP-000131

    Group
    Show

  • Exchange Local machine policy must require signed scripts.

    Scripts often provide a way for attackers to infiltrate a system, especially those downloaded from untrusted locations. By setting machine policy to prevent unauthorized script executions, unantici...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Exchange IMAP4 service must be disabled.

    The IMAP4 protocol is not approved for use within the DoD. It uses a clear text-based user name and password and does not support the DoD standard for PKI for email access. User name and password c...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Exchange POP3 service must be disabled.

    The POP3 protocol is not approved for use within the DoD. It uses a clear text based user name and password and does not support the DoD standard for PKI for email access. User name and password co...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Exchange must have the Public Folder virtual directory removed if not in use by the site.

    To reduce the vectors through which a server can be attacked, unneeded application components should be disabled or removed. By default, a virtual directory is installed for Public Folders. If an ...
    Rule Low Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000378

    Group
    Show

  • SRG-APP-000381

    Group
    Show

  • Exchange software must be monitored for unauthorized changes.

    Monitoring software files for changes against a baseline on a regular basis may help detect the possible introduction of malicious code on a system.
    Rule Medium Severity
    Show

  • SRG-APP-000383

    Group
    Show

  • SRG-APP-000391

    Group
    Show

  • Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email.

    Identification and authentication provide the foundation for access control. Access to email services applications requires NTLM authentication. Outlook Anywhere, if authorized for use by the site,...
    Rule Medium Severity
    Show

  • SRG-APP-000431

    Group
    Show

  • Exchange software must be installed on a separate partition from the OS.

    In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and subseque...
    Rule Medium Severity
    Show

  • SRG-APP-000435

    Group
    Show

  • Exchange must provide redundancy.

    Load balancing is a way to manage which Exchange servers receive traffic. Load balancing helps distribute incoming client connections over a variety of endpoints. This ensures that no one endpoint ...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules