EX13-CA-000115 – Exchange application directory must be protected from unauthorized access.

Details

Default product installations may provide more generous access permissions than are necessary to run the application. By examining and tailoring access permissions to more closely provide the least amount of privilege possible, attack vectors that align with user permissions are less likely to access more highly secured areas.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Update the EDSP.

Remove or modify the group or user access permissions.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2013_Y21M01_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

800-53|CM-11(2)
CAT|II
CCI|CCI-001812
Rule-ID|SV-84383r1_rule
STIG-ID|EX13-CA-000115
Vuln-ID|V-69761

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles