Authentication Failure Details Secure string passed to powershell was invalid or empty. Supportive Information The following resource is also helpful. https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2016_Y21M07_STIG.zip This...
DISA_STIG_Microsoft_Exchange_2016_Mailbox_Server_v2r4.audit from DISA Microsoft Exchange 2016 Mailbox Server v2r4 STIG Details NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance. Supportive Information...
EX16-MB-000010 – Exchange must have Administrator audit logging enabled. Details Unauthorized or malicious data changes can compromise the integrity and usefulness of the data. Automated attacks or malicious users...
EX16-MB-000020 – Exchange servers must use approved DoD certificates. Details Server certificates are required for many security features in Exchange; without them, the server cannot engage in many forms...
EX16-MB-000030 – Exchange auto-forwarding email to remote domains must be disabled or restricted. Details Attackers can use automated messages to determine whether a user account is active, in the office, traveling, and so...
EX16-MB-000040 – Exchange Connectivity logging must be enabled. Details A connectivity log is a record of the SMTP connection activity of the outbound message delivery queues to the...
EX16-MB-000050 – The Exchange Email Diagnostic log level must be set to the lowest level. Details Log files help establish a history of activities and can be useful in detecting attack attempts or determining tuning...
EX16-MB-000060 – Exchange Audit record parameters must be set. Details Log files help establish a history of activities and can be useful in detecting attack attempts. This item declares...
EX16-MB-000070 – Exchange Circular Logging must be disabled. Details Logging provides a history of events performed and can also provide evidence of tampering or attack. Failure to create...
EX16-MB-000080 – Exchange Email Subject Line logging must be disabled. Details Log files help establish a history of activities and can be useful in detecting attack attempts or determining tuning...