| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: D3DFF3D8C70E00D492107351428464E54027448A ~~~~~ Default MONT-MB-002 MaxMessageSize: 36 MB (37,748,736 bytes) Client Proxy MONT-MB-002 MaxMessageSize: 36 MB (37,748,736 bytes) Default Frontend MONT-MB-002 MaxMessageSize: 36 MB (37,748,736 bytes) Outbound Proxy Frontend MONT-MB-002 MaxMessageSize: 36 MB (37,748,736 bytes) Client Frontend MONT-MB-002 MaxMessageSize: 36 MB (37,748,736 bytes) Comments |
|||||
Check Text
Review the EDSP or document that contains this information. Determine the global maximum message receive size and whether signoff with risk acceptance is documented for the Receive connector to have a different value. Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, Identity, MaxMessageSize Identify Internet-facing connectors. For each Receive connector, if the value of "MaxMessageSize" is not the same as the global value, this is a finding. or If "MaxMessageSize" is set to a numeric value different from the global value and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to specify the global maximum message receive size and, if operationally necessary, to document signoff with risk acceptance for the Receive connector to have a different value, or verify that this information is documented by the organization. Open the Exchange Management Shell and enter the following command: Set-ReceiveConnector -Identity <'IdentityName'> -MaxMessageSize <'MaxReceiveSize'> Note: The <IdentityName> and <MaxReceiveSize> values must be in single quotes. or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance. Repeat the procedure for each Receive connector.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 7230593AD16221A983682459399C766F55F6354D ~~~~~ Default MONT-MB-002 MaxRecipientsPerMessage: 5000 Client Proxy MONT-MB-002 MaxRecipientsPerMessage: 200 [Expected 5000] Default Frontend MONT-MB-002 MaxRecipientsPerMessage: 200 [Expected 5000] Outbound Proxy Frontend MONT-MB-002 MaxRecipientsPerMessage: 200 [Expected 5000] Client Frontend MONT-MB-002 MaxRecipientsPerMessage: 200 [Expected 5000] Comments |
|||||
Check Text
Note: This requirement applies to IMAP4. IMAP Secure is not restricted and does not apply to this requirement. Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the Maximum Recipients per Message value. Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, Identity, MaxRecipientsPerMessage For each Receive connector, evaluate the "MaxRecipientsPerMessage" value. For each Receive connector, if the value of "MaxRecipientsPerMessage" is not set to "5000", this is a finding. or If the value of "MaxRecipientsPerMessage" is set to a value other than "5000" and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to specify the "MaxRecipientsPerMessage" value or verify that this information is documented by the organization. Open the Exchange Management Shell and enter the following command: Set-ReceiveConnector -Identity <'IdentityName'> -MaxRecipientsPerMessage 5000 Note: The <IdentityName> value must be in single quotes. or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance. Repeat the procedure for each Receive connector.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 834194A4A7D15D722E15147FA87F03E5632BA71D ~~~~~ MONTFORD MNOC-MAIL MaxMessageSize: 35 MB (36,700,160 bytes) Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the maximum message send size. Open the Exchange Management Shell and enter the following command: Get-SendConnector | Select Name, Identity, MaxMessageSize For each Send connector, if the value of "MaxMessageSize" is not the same as the global value, this is a finding. or If "MaxMessageSize" is set to a numeric value different from the maximum message send size value documented in the EDSP, this is a finding.
Fix Text
Update the EDSP to specify the "MaxMessageSize" value or verify that this information is documented by the organization. Open the Exchange Management Shell and enter the following command: Set-SendConnector -Identity <'IdentityName'> -MaxMessageSize <MaxSendSize> Note: The <IdentityName> value must be in single quotes. or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance. Repeat the procedures for each Send connector.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 26636067A7CB6EAC0757F199EB34339D679AFD0D ~~~~~ MONT-MB-002 MaxPerDomainOutboundConnections: 40 [Expected 20] Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the value for Maximum Outbound Domain Connections. Open the Exchange Management Shell and enter the following command: Get-TransportService | Select Name, Identity, MaxPerDomainOutboundConnections If the value of "MaxPerDomainOutboundConnections" is not set to "20", this is a finding. or If "MaxPerDomainOutboundConnections" is set to a value other than "20" and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to specify the "MaxPerDomainOutboundConnection" value or verify that this information is documented by the organization. Open the Exchange Management Shell and enter the following command: Set-TransportService -Identity <'IdentityName'> -MaxPerDomainOutboundConnections 20 Note: The <IdentityName> value must be in single quotes. or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: CFA29C51824982F2349DD1A358C35268E97EBEE0 ~~~~~ MaxRecipientEnvelopeLimit IsUnlimited: False Value: 500 [Expected 5000] Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Determine the global maximum message recipient count. Open the Exchange Management Shell and enter the following command: Get-TransportConfig | Select Name, Identity, MaxRecipientEnvelopeLimit If the value of "MaxRecipientEnvelopeLimit" is not set to "5000", this is a finding. or If "MaxRecipientEnvelopeLimit" is set to an alternate value and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to specify the global maximum message recipient count. Set-TransportConfig -MaxRecipientEnvelopeLimit 5000 or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance. Restart the Microsoft Exchange Information Store service.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: D6373FBD6DA5342DBCAB0C09C5DED584B7BF60D3 ~~~~~ Admin Audit Log Settings AdminAuditLogParameters: * Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-AdminAuditLogConfig | Select AdminAuditLogParameters Note: The value of "*" indicates all parameters are being audited. If the value of "AdminAuditLogParameters" is not set to "*", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-AdminAuditLogConfig -AdminAuditLogParameters *
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1870BD58CEAF277A6AE44AE6A55764ED3758B85B ~~~~~ MB-002-DefaultDB CircularLoggingEnabled: False Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-MailboxDatabase | Select Name, Identity, CircularLoggingEnabled If the value of "CircularLoggingEnabled" is not set to "False", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-MailboxDatabase -Identity <'IdentityName'> -CircularLoggingEnabled $false Note: The <IdentityName> value must be in single quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: A93511D0D721D1DC88AD14E37EB1971F145FE7EC ~~~~~ MB-002-DefaultDB MountAtStartup: True Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-MailboxDatabase | Select Name, Identity, MountAtStartup If the value of "MountAtStartup" is not set to "True", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-MailboxDatabase -Identity <'IdentityName'> -MountAtStartup $true Note: The <IdentityName> value must be in single quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: D8C1E73A02232C118E782E1B82BC9720F69E6841 ~~~~~ Default MONT-MB-002 MaxHopCount: 60 Client Proxy MONT-MB-002 MaxHopCount: 60 Default Frontend MONT-MB-002 MaxHopCount: 60 Outbound Proxy Frontend MONT-MB-002 MaxHopCount: 60 Client Frontend MONT-MB-002 MaxHopCount: 60 Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the Max Hop Count value for Receive connectors. Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, MaxHopCount For each Receive connector, if the value of "MaxHopCount" is not set to "60", this is a finding. or If the value of "MaxHopCount" is set to a value other than "60" and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to specify the "MaxHopCount" value or verify that this information is documented by the organization. Open the Exchange Management Shell and enter the following command: Set-ReceiveConnector -MaxHopCount 60 or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance. Repeat the procedure for each Receive connector.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F8A978FF11809B2FDBB73735F1F183BE74CFAD7B ~~~~~ MONT-MB-002 MaxOutboundConnections: 1000 Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Determine the value for SMTP Server Maximum Outbound Connections. Open the Exchange Management Shell and enter the following command: Get-TransportService | Select Name, Identity, MaxOutboundConnections If the value of "MaxOutboundConnections" is not set to "1000", this is a finding. or If "MaxOutboundConnections" is set to a value other than "1000" and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to specify the "MaxOutboundConnections" value. Open the Exchange Management Shell and enter the following command: Set-TransportServer -Identity <'IdentityName'> -MaxOutboundConnections 1000 Note: The <IdentityName> value must be in single quotes. or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: A8E75044F4A192E25B2D2B3EDFD82DA6FEE4CB3F ~~~~~ MaxReceiveSize IsUnlimited: False Value: 10 MB (10,485,760 bytes) Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the global maximum message receive size. Open the Exchange Management Shell and enter the following command: Get-TransportConfig | Select Name, Identity, MaxReceiveSize If the value of "MaxReceiveSize" is not set to "10MB", this is a finding. or If "MaxReceiveSize" is set to an alternate value and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to specify the "MaxReceiveSize" value or verify that this information is documented by the organization. Open the Exchange Management Shell and enter the following command: Set-TransportConfig -MaxReceiveSize 10MB or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AA63A9B828AB8E4A9FDF231D6695E9A2E2AD8F2B ~~~~~ MaxSendSize IsUnlimited: False Value: 10 MB (10,485,760 bytes) Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the global maximum message send size. Open the Exchange Management Shell and enter the following command: Get-TransportConfig | Select Name, Identity, MaxSendSize If the value of "MaxSendSize" is not set to "10MB", this is a finding. or If "MaxSendSize" is set to an alternate value and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to specify the "MaxSendSize" value or verify that this information is documented by the organization. Open the Exchange Management Shell and enter the following command: Set-TransportConfig -MaxSendSize 10MB or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: B015A87E59B8836B88A3017C6E713B798A01E596 ~~~~~ MONTFORD MNOC-MAIL ConnectionInactivityTimeOut: 00:10:00 Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the Connection Timeout value. Open the Exchange Management Shell and enter the following command: Get-SendConnector | Select Name, Identity, ConnectionInactivityTimeOut For each Send connector, if the value of "ConnectionInactivityTimeOut" is not set to "00:10:00", this is a finding. or If "ConnectionInactivityTimeOut" is set to a value other than "00:10:00" and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to specify the "ConnectionInactivityTimeOut" value. Open the Exchange Management Shell and enter the following command: Set-SendConnector -Identity <'IdentityName'> -ConnectionInactivityTimeOut 00:10:00 Note: The <IdentityName> value must be in single quotes. or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: B8810113895A99B17130D8D5D2A5CEDB7A1E6A0E ~~~~~ Default MONT-MB-002 ConnectionTimeout: 00:10:00 Client Proxy MONT-MB-002 ConnectionTimeout: 00:10:00 Default Frontend MONT-MB-002 ConnectionTimeout: 00:10:00 Outbound Proxy Frontend MONT-MB-002 ConnectionTimeout: 00:10:00 Client Frontend MONT-MB-002 ConnectionTimeout: 00:10:00 Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Determine the Connection Timeout value. Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, Identity, ConnectionTimeout For each Receive connector, if the value of "ConnectionTimeout" is not set to "00:10:00", this is a finding. or If "ConnectionTimeout" is set to other than "00:10:00" and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Update the EDSP to specify the Connection Timeout value. Open the Exchange Management Shell and enter the following command: Set-ReceiveConnector -Identity <'IdentityName'> -ConnectionTimeout 00:10:00 Note: The <IdentityName> value must be in single quotes. or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance.