The Exchange POP3 service must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>The POP3 protocol is not approved for use within the DoD. It uses a clear-text-based user name and password and does not support the DoD standard for PKI for email access. User name and password could easily be captured from the network, allowing a malicious user to access other system features. Uninstalling or disabling the service will prevent the use of the POP3 protocol.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-207285r615936_rule
Severity: Medium
References: CCI-000381
Updated: about 1 year ago

Open the Windows Power Shell and enter the following command:

services.msc

Navigate to and double-click on Microsoft Exchange POP3 Backend.
Click on the "General" tab.

In the Startup Type: dropdown, select Disabled.

Click the OK button.

The Exchange POP3 service must be disabled.

Description

Remediation - Manual Procedure