Exchange
Microsoft Exchange email servers
Combined Weighted Score: 13.7% (Moderate Concern)
Score Breakdown
| Severity | Open / Total | Open Rate | Weight |
|---|---|---|---|
| CAT I | 0 / 1 | 0.0% | 10 |
| CAT II | 19 / 47 | 40.4% | 4 |
| CAT III | 7 / 16 | 43.8% | 1 |
Percentages are open-rate values (`Open / Total`). Closed/compliance rate is `100% - open rate`.
Checklist Files Contributing to This Area (1)
These hostname + STIG combinations are mapped to this assessment area
| Checklist File | Hostname | STIG Benchmark | Version |
|---|---|---|---|
| MONT-MB-002_MSExchange2016MB_V2R6_20251023-152357.ckl | MONT-MB-002 | Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide | V2R6 |
Open Findings (26)
Findings that remain open and contribute to the score
MONT-MB-002
Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide MONT-MB-002_MSExchange2016MB_V2R6_20251023-152357.ckl
26 open
| Severity | Vuln ID | Rule Title | Status |
|---|---|---|---|
| CAT II | V-228355 | Exchange servers must use approved DoD certificates. | Open (Open) |
| CAT II | V-228358 | The Exchange Email Diagnostic log level must be set to the lowest level. | Open (Open) |
| CAT II | V-228361 | Exchange Email Subject Line logging must be disabled. | Open (Open) |
| CAT II | V-228363 | Exchange Queue monitoring must be configured with threshold and action. | Open (Open) |
| CAT II | V-228370 | Exchange Local machine policy must require signed scripts. | Open (Open) |
| CAT II | V-228371 | The Exchange Internet Message Access Protocol 4 (IMAP4) service must be disabled... | Open (Open) |
| CAT II | V-228372 | The Exchange Post Office Protocol 3 (POP3) service must be disabled. | Open (Open) |
| CAT II | V-228376 | Exchange Mailboxes must be retained until backups are complete. | Open (Open) |
| CAT II | V-228391 | Exchange Internal Receive connectors must not allow anonymous connections. | Open (Open) |
| CAT II | V-228392 | Exchange external/Internet-bound automated response messages must be disabled. | Open (Open) |
| CAT II | V-228402 | Exchange software must be monitored for unauthorized changes. | Open (Open) |
| CAT II | V-228404 | Exchange Outlook Anywhere clients must use NTLM authentication to access email. | Open (Open) |
| CAT II | V-228406 | Exchange must not send delivery reports to remote domains. | Open (Open) |
| CAT II | V-228407 | Exchange must not send nondelivery reports to remote domains. | Open (Open) |
| CAT II | V-228408 | The Exchange SMTP automated banner response must not reveal server details. | Open (Open) |
| CAT II | V-228409 | Exchange Internal Send connectors must use an authentication level. | Open (Open) |
| CAT II | V-228410 | Exchange must provide Mailbox databases in a highly available and redundant conf... | Open (Open) |
| CAT II | V-228417 | Exchange must have forms-based authentication disabled. | Open (Open) |
| CAT II | V-228418 | Exchange must have authenticated access set to Integrated Windows Authentication... | Open (Open) |
| CAT III | V-228379 | Exchange Mail quota settings must not restrict receiving mail. | Open (Open) |
| CAT III | V-228380 | Exchange Mail Quota settings must not restrict receiving mail. | Open (Open) |
| CAT III | V-228382 | Exchange Message size restrictions must be controlled on Receive connectors. | Open (Open) |
| CAT III | V-228383 | Exchange Receive connectors must control the number of recipients per message. | Open (Open) |
| CAT III | V-228385 | Exchange Message size restrictions must be controlled on Send connectors. | Open (Open) |
| CAT III | V-228389 | The Exchange Outbound Connection Limit per Domain Count must be controlled. | Open (Open) |
| CAT III | V-228398 | The Exchange Global Recipient Count Limit must be set. | Open (Open) |
Total Findings: 64
Open: 26
Closed/Remediated: 38