Check: EX16-ED-000590
Microsoft Exchange 2016 Edge Transport Server STIG:
EX16-ED-000590
(in versions v2 r5 through v1 r1)
Title
The Exchange software baseline copy must exist. (Cat II impact)
Discussion
Exchange software, as with other application software installed on a host system, must be included in a system baseline record and periodically reviewed; otherwise, unauthorized changes to the software may not be discovered. This effort is a vital step to securing the host and the applications, as it is the only method that may provide the ability to detect and recover from otherwise undetected changes, such as those that result from worm or bot intrusions. The Exchange software and configuration baseline is created and maintained for comparison during scanning efforts. Operational procedures must include baseline updates as part of configuration management tasks that change the software and configuration.
Check Content
Review the Email Domain Security Plan (EDSP). Determine the baseline documentation. Review the application software baseline procedures and implementation artifacts. Note the list of files and directories included in the baseline procedure for completeness. If an email software copy exists to serve as a baseline and is available for comparison during scanning efforts, this is not a finding.
Fix Text
Implement an email software baseline process and update the EDSP.
Additional Identifiers
Rule ID: SV-221255r879753_rule
Vulnerability ID: V-221255
Group Title: SRG-APP-000380
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001813 |
Enforce access restrictions using organization-defined mechanisms. |
Controls
Number | Title |
---|---|
CM-5(1) |
Automated Access Enforcement / Auditing |