Skip to main content
CUI

Scan: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_MSExchange2016MB_V2R6_20251023-152357.ckl

Back to USNS MONTFORD POINT Scans

Scan Information

Hull Number
T-ESD-1
Scan Date
2026-01-14
Source File
MONT-MB-002 MSExchange2016MB 20251023-152357
Source Tool
Evaluate-STIG
Imported
2026-01-14 17:57
Hostname (from CKL asset — override if blank or incorrect)
Upgrade History Export CSV Export Excel
STIG Benchmark

Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide

Version

V2R6

Score

53.6%

Total

64

Open

26

OCA Technology Area

Assign this checklist to an OCA assessment area for scoring

Hostname
MONT-MB-002
STIG Benchmark
Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide
Current Area: Exchange
View all findings in Exchange area →

STIG Rule Mapping

64
Mapped to STIG
0
Unmapped
64
Total Findings
All findings mapped to STIG rules.

Checklist Scoring

Severity Not a Finding Not Applicable Open Not Reviewed Total
CAT I 1 0 0 0 1
CAT II 19 1 19 8 47
CAT III 9 0 7 0 16
Total 29 1 26 8 64
Filter:

Vuln IDs (64)

V-228354 Exchange must have Administrator audit logging ena...
V-228355 Exchange servers must use approved DoD certificate...
V-228356 Exchange auto-forwarding email to remote domains m...
V-228357 Exchange Connectivity logging must be enabled.
V-228358 The Exchange Email Diagnostic log level must be se...
V-228359 Exchange Audit record parameters must be set.
V-228360 Exchange Circular Logging must be disabled.
V-228361 Exchange Email Subject Line logging must be disabl...
V-228362 Exchange Message Tracking Logging must be enabled.
V-228363 Exchange Queue monitoring must be configured with ...
V-228364 Exchange Send Fatal Errors to Microsoft must be di...
V-228365 Exchange must protect audit data against unauthori...
V-228366 Exchange must not send Customer Experience reports...
V-228367 Exchange must protect audit data against unauthori...
V-228368 Exchange must protect audit data against unauthori...
V-228369 Exchange Audit data must be on separate partitions...
V-228370 Exchange Local machine policy must require signed ...
V-228371 The Exchange Internet Message Access Protocol 4 (I...
V-228372 The Exchange Post Office Protocol 3 (POP3) service...
V-228373 Exchange Mailbox databases must reside on a dedica...
V-228374 Exchange Internet-facing Send connectors must spec...
V-228375 Exchange internal Receive connectors must require ...
V-228376 Exchange Mailboxes must be retained until backups ...
V-228377 Exchange email forwarding must be restricted.
V-228378 Exchange email-forwarding SMTP domains must be res...
V-228379 Exchange Mail quota settings must not restrict rec...
V-228380 Exchange Mail Quota settings must not restrict rec...
V-228381 Exchange Mailbox Stores must mount at startup.
V-228382 Exchange Message size restrictions must be control...
V-228383 Exchange Receive connectors must control the numbe...
V-228384 The Exchange Receive Connector Maximum Hop Count m...
V-228385 Exchange Message size restrictions must be control...
V-228386 The Exchange Send connector connections count must...
V-228387 The Exchange global inbound message size must be c...
V-228388 The Exchange global outbound message size must be ...
V-228389 The Exchange Outbound Connection Limit per Domain ...
V-228390 The Exchange Outbound Connection Timeout must be 1...
V-228391 Exchange Internal Receive connectors must not allo...
V-228392 Exchange external/Internet-bound automated respons...
V-228393 Exchange must have anti-spam filtering installed.
V-228394 Exchange must have anti-spam filtering enabled.
V-228395 Exchange must have anti-spam filtering configured.
V-228396 Exchange must not send automated replies to remote...
V-228397 Exchange servers must have an approved DoD email-a...
V-228398 The Exchange Global Recipient Count Limit must be ...
V-228399 The Exchange Receive connector timeout must be lim...
V-228400 The Exchange application directory must be protect...
V-228401 An Exchange software baseline copy must exist.
V-228402 Exchange software must be monitored for unauthoriz...
V-228403 Exchange services must be documented and unnecessa...
V-228404 Exchange Outlook Anywhere clients must use NTLM au...
V-228405 The Exchange Email application must not share a pa...
V-228406 Exchange must not send delivery reports to remote ...
V-228407 Exchange must not send nondelivery reports to remo...
V-228408 The Exchange SMTP automated banner response must n...
V-228409 Exchange Internal Send connectors must use an auth...
V-228410 Exchange must provide Mailbox databases in a highl...
V-228411 Exchange must have the most current, approved serv...
V-228412 The application must be configured in accordance w...
V-228413 The applications built-in Malware Agent must be di...
V-228415 Exchange must use encryption for RPC client access...
V-228416 Exchange must use encryption for Outlook Web App (...
V-228417 Exchange must have forms-based authentication disa...
V-228418 Exchange must have authenticated access set to Int...

Vulnerability Details

Click a Vuln ID on the left to view details.

Status & Comments

Select a finding to edit.

← Back to USNS MONTFORD POINT Scans
CUI