Exchange must render hyperlinks from email sources from non-.mil domains as unclickable.

An XCCDF Rule

Description

<VulnDiscussion>Active hyperlinks within an email are susceptible to attacks of malicious software or malware. The hyperlink could lead to a malware infection or redirect the website to another fraudulent website without the user's consent or knowledge. Exchange does not have a built-in message filtering capability. DOD Enterprise Email (DEE) has created a custom resolution to filter messages from non-.mil users that have hyperlinks in the message body. The hyperlink within the messages will be modified, preventing end users from automatically clicking links.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259643r961638_rule
Severity: Medium
References: CCI-002420
Updated: 17 days ago

Update the EDSP to reflect the name of the Transport Agent.

Contact the DISA Enterprise Email Service Desk at disa.tinker.eis.mbx.dod-enterprise-services-service-desk@mail.mil and request the Agent and installation procedures.

or
Contact DEE Engineering PMO and request the Agent and installation procedures.

Exchange must render hyperlinks from email sources from non-.mil domains as unclickable.

Description

Remediation - Manual Procedure