| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-228407 | CAT II | MONT-MB-002 | Microsoft Exchange 2016 Mailbox Server S... | Exchange must not send nondelivery reports to remo... | - | |||
Check TextNOTE: For the purpose of this requirement, “remote” refers to those domains external to the DoDIN, whether classified or unclassified. NDRs between DoDIN networks is permitted. Open the Exchange Management Shell and enter the following command: Get-RemoteDomain | Select Name, Identity, NDREnabled If the value of "NDREnabled" is not set to "False", this is a finding. Fix TextOpen the Exchange Management Shell and enter the following command: Set-RemoteDomain -Identity <'IdentityName'> -NDREnabled $false Note: The <IdentityName> value must be in single quotes. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: BF6C18D61258522F266F50CFBBD9CA3CAFD4B33E ~~~~~ Default DomainName: * NDREnabled: True [Expected False]
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_MSExchange2016MB_V2R6_20251023-152357.ckl
Scan Date: 2026-01-14T12:57:33.455034
Technology Area: Exchange Server
|
||||||||