| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Determine the anti-virus strategy. Verify the email-aware anti-virus scanner product is Exchange 2016 compatible and DoD approved. If email servers are using an email-aware anti-virus scanner product that is not DoD approved and Exchange 2016 compatible, this is a finding.
Fix Text
Update the EDSP to specify the organization's anti-virus strategy. Install and configure a DoD-approved compatible Exchange 2016 email-aware anti-virus scanner product.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: E93B95A4ADD9CAD25899E809C74CFE6B9B22C253 ~~~~~ CertificateDomains: MONT-MB-002.MONTFORD-POINT.navy.mil Subject: CN=MONT-MB-002.MONTFORD-POINT.navy.mil, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US Issuer: CN=DOD SW CA-67, OU=PKI, OU=DoD, O=U.S. Government, C=US Services: IMAP, POP NotAfter: 06/12/2026 18:24:02 Thumbprint: 4474E394A46CBB595F7C2A2CF85C3E59BD4C84E6 CertificateDomains: mont-mb-002.montford-point.navy.mil, MONT-MB-002.MONTFORD-POINT.navy Subject: CN=mont-mb-002.montford-point.navy.mil, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US Issuer: CN=DOD SW CA-67, OU=PKI, OU=DoD, O=U.S. Government, C=US Services: IMAP, POP, IIS, SMTP NotAfter: 06/08/2026 18:52:58 Thumbprint: 76C9C9B1E8EECDDD4A3ECB0107EF19938933B161 CertificateDomains: Subject: CN=Microsoft Exchange Server Auth Certificate Issuer: CN=Microsoft Exchange Server Auth Certificate [Not DoD issued] Services: SMTP NotAfter: 04/22/2028 17:52:30 Thumbprint: 0E3F5680CCC5915CC6B67F86BEE0307E0B7C0DA2 CertificateDomains: MONT-MB-002, MONT-MB-002.MONTFORD-POINT.navy.mil Subject: CN=MONT-MB-002 Issuer: CN=MONT-MB-002 [Not DoD issued] Services: IMAP, POP, SMTP NotAfter: 05/19/2028 17:51:07 Thumbprint: 3789117E46E20EB76C5406B7D0BCAE3C307F6BC3 CertificateDomains: WMSvc-SHA2-MONT-MB-002 Subject: CN=WMSvc-SHA2-MONT-MB-002 Issuer: CN=WMSvc-SHA2-MONT-MB-002 [Not DoD issued] Services: None NotAfter: 05/16/2033 17:33:20 Thumbprint: DF9858A0D9DDF8AEF88B8D4DFAC2C6EAB81DE294 Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-ExchangeCertificate | Select CertificateDomains, issuer If the value of "CertificateDomains" does not indicate it is issued by the DoD, this is a finding.
Fix Text
Remove the non-DoD certificate and import the correct DoD certificates.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: FE246760DF11AD630D46674989CAFFBEDC086407 ~~~~~ MSExchange ADAccess\Topology EventLevel: Low [Expected Lowest] MSExchange ADAccess\Validation EventLevel: Low [Expected Lowest] MSExchange BackEndRehydration\Configuration EventLevel: Low [Expected Lowest] MSExchange BackEndRehydration\Server EventLevel: 2 [Expected Lowest] MSExchange OAuth\Configuration EventLevel: Low [Expected Lowest] MSExchange OAuth\Server EventLevel: 2 [Expected Lowest] MSExchange RBAC\RBAC EventLevel: Low [Expected Lowest] MSExchangeADTopology\Topology EventLevel: Low [Expected Lowest] Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-EventLogLevel If the Diagnostic of any EventLevel is not set to "Lowest", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-EventLogLevel -Identity <'IdentityName\EventlogName'> -Level Lowest Note: The <IdentityName\EventlogName> value must be in single quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: F788ADA2BEF7B785F4958C7948B5FA274C586D53 ~~~~~ MONT-MB-002 MessageTrackingLogSubjectLoggingEnabled: True [Expected False] Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-TransportService | Select Name, Identity, MessageTrackingLogSubjectLoggingEnabled If the value of “MessageTrackingLogSubjectLoggingEnabled” is not set to “False”, this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-Transportservice -MessageTrackingLogSubjectLoggingEnabled $False
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Note: If a third-party application is performing monitoring functions, the reviewer should verify the application is monitoring correctly and mark the vulnerability not applicable (NA). Open the Exchange Management Shell and enter the following command: perfmon Get-MonitoringItemHelp -Identity <String> -Server <ServerIdParameter> If no sets are defined or queues are not being monitored, this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: perfmon In the left pane, navigate to and select Performance >> Data Collector Sets >> User Defined. Right-click on, navigate to, and configure User Defined >> New >> Data Collector Sets and configure the system to use the data collection set for monitoring the queues.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 106B138DC57F06622496D2E5B78A68E885DD998E ~~~~~ ExecutionPolicy: Bypass [Expected RemoteSigned] Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-ExecutionPolicy If the value returned is not "RemoteSigned", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-ExecutionPolicy RemoteSigned
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 871D7FE5CA5CD09DE879D1100B6E9FE608C8A9D8 ~~~~~ Service: MSExchangeIMAP4 StartType: Manual [Expected Disabled] Comments |
|||||
Check Text
Note: This requirement applies to IMAP4. IMAP Secure is not restricted and does not apply to this requirement. Open the Windows Power Shell and enter the following command: Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangeIMAP4' | Select Start Note: The hklm:\system\currentcontrolset\services\MSExchangeIMAP4 value must be in single quotes. If the value of "Start" is not set to "4", this is a finding.
Fix Text
Open the Windows Power Shell and enter the following command: services.msc Navigate to and double-click on "Microsoft Exchange IMAP4". Click on the "General" tab. In the "Startup Type" dropdown, select "Disabled". Click the "OK" button.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 9408EB38DC8342BC3CD643D6A56F6277ADE40B99 ~~~~~ Service: MSExchangePOP3 StartType: Manual [Expected Disabled] Comments |
|||||
Check Text
Open the Windows Power Shell and enter the following command: Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangePOP3' | Select Start Note: The hklm:\system\currentcontrolset\services\MSExchangePOP3 value must be in single quotes. If the value of "Start" is not set to "4", this is a finding.
Fix Text
Open the Windows Power Shell and enter the following command: services.msc Navigate to and double-click on "Microsoft Exchange POP3 Backend". Click on the "General" tab. In the "Startup Type" dropdown, select "Disabled". Click the "OK" button.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 47638C11304A80A28FB7481682A9AA980FABBF25 ~~~~~ MB-002-DefaultDB RetainDeletedItemsUntilBackup: False [Expected True] Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-MailboxDatabase| Select Name, Identity, RetainDeletedItemsUntilBackup If the value of "RetainDeletedItemsUntilBackup" is not set to "True", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-MailboxDatabase -Identity <'IdentityName'> -RetainDeletedItemsUntilBackup $true Note: The <IdentityName> value must be in single quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 89AEDB6D61782F30776435FEE7E9E99978D0AF04 ~~~~~ Default MONT-MB-002 PermissionGroups: ExchangeLegacyServers Client Proxy MONT-MB-002 PermissionGroups: ExchangeServers Default Frontend MONT-MB-002 PermissionGroups: AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers [Found AnonymousUsers] Outbound Proxy Frontend MONT-MB-002 PermissionGroups: ExchangeServers Client Frontend MONT-MB-002 PermissionGroups: ExchangeUsers Comments |
|||||
Check Text
NOTE: In some instances, AnonymousUsers may be necessary for organization-specific operations. In such cases, allowing AnonymousUsers must be paired with restricting to specific lists of servers allowed to access. In addition, the risk must be documented and accepted by the ISSO, ISSM, or AO. Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, Identity, PermissionGroups For each Receive connector, if the value of "PermissionGroups" is "AnonymousUsers" for any receive connector, this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-ReceiveConnector -Identity <'IdentityName'> -PermissionGroups and enter a valid value user group. Note: The <IdentityName> value must be in single quotes. Example: Set-ReceiveConnector -Identity <'IdentityName'> -PermissionGroups ExchangeUsers Repeat the procedures for each Receive connector.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 6EBBBF0E17F15D624AAD5431B53223AB6A7428F1 ~~~~~ Default DomainName: * AllowedOOFType: External [Expected InternalLegacy] Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-RemoteDomain | Select Name, DomainName, Identity, AllowedOOFType If the value of "AllowedOOFType" is not set to "InternalLegacy", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-RemoteDomain -Identity <'IdentityName'> -AllowedOOFType 'InternalLegacy' Note: The <IdentityName> and InternalLegacy values must be in single quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Determine whether the site monitors system files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) on servers for unauthorized changes against a baseline on a weekly basis. If software files are not monitored for unauthorized changes, this is a finding.
Fix Text
Update the EDSP to specify that the organization monitors system files on servers for unauthorized changes against a baseline on a weekly basis or verify that this information is documented by the organization. Monitor the software files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) on Exchange servers for unauthorized changes against a baseline on a weekly basis. Note: This can be done with the use of various monitoring tools.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 5FDC7A99194B45A2F4E960CE93A99C76465240AE ~~~~~ MONT-MB-002\Rpc (Default Web Site) InternalClientAuthenticationMethod: Ntlm ExternalClientAuthenticationMethod: Negotiate [Expected Ntlm] Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-OutlookAnywhere Get-OutlookAnywhere | Select Name, Identity, InternalClientAuthenticationMethod, ExternalClientAuthenticationMethod If the value of "InternalClientAuthenticationMethod" and the value of "ExternalClientAuthenticationMethod" are not set to NTLM, this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: For InternalClientAuthenticationMethod: Set-OutlookAnywhere -Identity '<IdentityName'> -InternalClientAuthenticationMethod NTLM For ExternalClientAuthenticationMethod: Set-OutlookAnywhere -Identity '<IdentityName'> -ExternalClientAuthenticationMethod NTLM
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: DB9256765798EA82100E404D1BDD26FCF8546E66 ~~~~~ Default DomainName: * DeliveryReportEnabled: True [Expected False] Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-RemoteDomain | Select Identity, DeliveryReportEnabled If the value of "DeliveryReportEnabled" is not set to "False", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-RemoteDomain -Identity <'IdentityName'> -DeliveryReportEnabled $false Note: The <IdentityName> value must be in single quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: BF6C18D61258522F266F50CFBBD9CA3CAFD4B33E ~~~~~ Default DomainName: * NDREnabled: True [Expected False] Comments |
|||||
Check Text
NOTE: For the purpose of this requirement, “remote” refers to those domains external to the DoDIN, whether classified or unclassified. NDRs between DoDIN networks is permitted. Open the Exchange Management Shell and enter the following command: Get-RemoteDomain | Select Name, Identity, NDREnabled If the value of "NDREnabled" is not set to "False", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-RemoteDomain -Identity <'IdentityName'> -NDREnabled $false Note: The <IdentityName> value must be in single quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: A84891728C801098787292FDEBFD425C856D0E44 ~~~~~ Default MONT-MB-002 Banner: [Expected 220 SMTP Server Ready] Client Proxy MONT-MB-002 Banner: [Expected 220 SMTP Server Ready] Default Frontend MONT-MB-002 Banner: [Expected 220 SMTP Server Ready] Outbound Proxy Frontend MONT-MB-002 Banner: [Expected 220 SMTP Server Ready] Client Frontend MONT-MB-002 Banner: [Expected 220 SMTP Server Ready] Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, Identity, Banner For each Receive connector, if the value of "Banner" is not set to "220 SMTP Server Ready", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-ReceiveConnector -Identity <'IdentityName'> -Banner '220 SMTP Server Ready' Note: The <IdentityName> and 220 SMTP Server Ready values must be in single quotes. Repeat the procedures for each Receive connector.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details[PS] C:\windows\system32>Get-SendConnector | Select Name, Identity, TlsAuthLevel Name Identity TlsAuthLevel ---- -------- ------------ MONTFORD MNOC-MAIL MONTFORD MNOC-MAIL Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-SendConnector | Select Name, Identity, TlsAuthLevel For each Send connector, if the value of "TlsAuthLevel" is not set to "DomainValidation", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-SendConnector -Identity <'IdentityName'> -TlsAuthLevel DomainValidation Note: The <IdentityName> value must be in single quotes. Repeat the procedure for each Send connector.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 46AE9BF4D3752039AF3EC8466DB7C6EF44F699D8 ~~~~~ No Database Availability Groups are configured. Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Determine if the Exchange Mailbox databases are using redundancy. Open the Exchange Management Shell. Enter the following command: Get-DatabaseAvailabilityGroup <DAGName> | Format-List If the DAG is not displayed, this is a finding.
Fix Text
Update the EDSP to specify how Exchange Mailbox databases use redundancy. Access the Exchange Management Shell and add new Database Availability Groups based upon the EDSP using the following command: New-DatabaseAvailabilityGroup See the following documentation for options when creating a DAG: https://docs.microsoft.com/en-us/exchange/high-availability/manage-ha/create-dags?view=exchserver-2019.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 4EA59F616166BD941B5943C6CD5AE4C5B913F7ED ~~~~~ MONT-MB-002 FormsAuthentication: True [Expected False] Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-OwaVirtualDirectory | Select ServerName, Name, Identity, FormsAuthentication If the value of "FormsAuthentication" is not set to "False", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-OwaVirtualDirectory -Identity <'IdentityName'> -FormsAuthentication $false Note: <IdentityName> must be in single quotes. Example for the Identity Name: <ServerName>\owa (Default website) Restart the ISS service.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 8BFE4669A6229F6E578599A2EB753E7E7EF5EF8C ~~~~~ MONT-MB-002 WindowsAuthentication: False [Expected True] Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-OwaVirtualDirectory | Select ServerName, Name, Identity,*Authentication If the value of "WindowsAuthentication" is not set to "True", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-OwaVirtualDirectory -Identity '<IdentityName>' -WindowsAuthentication $true Note: The <IdentityName> value must be in single quotes. Example for the Identity Name: <ServerName>\owa (Default website)
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 19931B80E7131B77BE3BC5B9969F3D65CA69082F ~~~~~ Admin Audit Log Settings AdminAuditLogEnabled: True Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-AdminAuditLogConfig | Select Name, AdminAuditLogEnabled If the value of "AdminAuditLogEnabled" is not set to "True", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-AdminAuditLogConfig -AdminAuditLogEnabled $true
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 01AD5D494759011CA51CA939267F080C3E8E3E9F ~~~~~ Default DomainName: * AutoForwardEnabled: False Comments |
|||||
Check Text
Note: Requirement is not applicable on classified or completely closed networks. Non-Enterprise Mail Check Content: Open the Exchange Management Shell and enter the following command: Get-RemoteDomain | Select Identity, AutoForwardEnabled If the value of AutoForwardEnabled is not set to "False", this is a finding. Enterprise Mail Check Content: If the value of "AutoForwardEnabled" is set to "True", this is not a finding. and In the Exchange Management Shell, enter the following command: Get-RemoteDomain If the value of "RemoteDomain" is not set to ".mil" and/or ".gov" domain(s), this is a finding.
Fix Text
Non-Enterprise Mail Fix Text: Open the Exchange Management Shell and enter the following command: Set-RemoteDomain -Identity <'IdentityName'> -AutoForwardEnabled $false Note: The <IdentityName> value must be in single quotes. Enterprise Mail Fix Text: New-RemoteDomain -Name <NewRemoteDomainName> -DomainName <SMTP Address> Note: <NewRemoteDomainName> must either be a .mil or .gov domain. Set-RemoteDomain -Identity <'RemoteDomainIdentity'> -AutoForwardEnabled $true Note: The <RemoteDomainIdentity> value must be in single quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 180942F5266B090B1533C523928C24A35C3D21CD ~~~~~ MONT-MB-002 ConnectivityLogEnabled: True Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-TransportService | Select Name, Identity, ConnectivityLogEnabled If the value of "ConnectivityLogEnabled" is not set to "True", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-TransportService -Identity <'IdentityName'> -ConnectivityLogEnabled $true Note: The <IdentityName> value must be in single quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 7F2778DBDDF6D0906F4A5033A14914FCA17D86AA ~~~~~ MONT-MB-002 MessageTrackingLogEnabled: True Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-Transportservice | Select Name, MessageTrackingLogEnabled If the value of MessageTrackingLogEnabled is not set to True, this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-Transportservice <IdentityName> -MessageTrackingLogEnabled $true Note: The <IdentityName> value must be in quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: ECCF4978A478F1D86DB18287E92A16E0AC2B7781 ~~~~~ MONT-MB-002 ErrorReportingEnabled: False Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-ExchangeServer –status | Select Name, Identity, ErrorReportingEnabled For each Exchange Server, if the value of "ErrorReportingEnabled" is not set to "False", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-ExchangeServer -Identity <'IdentityName'> -ErrorReportingEnabled $false Note: The <IdentityName> value must be in single quotes. Repeat the process for each Exchange Server.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the authorized groups or users that should have "Read" access to the audit data. If any group or user has "Read" access to the audit data that is not documented in the EDSP, this is a finding.
Fix Text
Update the EDSP to specify the authorized groups or users that should have "Read" access to the audit data or verify that this information is documented by the organization. Restrict any unauthorized groups' or users' "Read" access to the audit logs.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 48E477F393434DC552428C0DA68CBB9FDF7D9EDD ~~~~~ Montford-Point CustomerFeedbackEnabled: False Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-OrganizationConfig | Select CustomerFeedbackEnabled If the value for "CustomerFeedbackEnabled" is not set to "False", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-OrganizationConfig -CustomerFeedbackEnabled $false
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the authorized groups or users that should have access to the audit data. If any group or user has modify privileges for the audit data that is not documented in the EDSP, this is a finding.
Fix Text
Update the EDSP to specify the authorized groups or users that should have access to the audit data or verify that this information is documented by the organization. Restrict any unauthorized groups' or users' modify permissions for the audit logs.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the authorized groups or users that should have "Delete" permissions for the audit data. If any group or user has "Delete" permissions for the audit data that is not documented in the EDSP, this is a finding.
Fix Text
Update the EDSP to specify the authorized groups or users that should have "Delete" permissions for the audit data or verify that this information is documented by the organization. Restrict any unauthorized groups' or users' "Delete" permissions for the audit logs.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the audit logs' assigned partition. By default, the logs are located on the application partition in \Program Files\Microsoft\Exchange Server\V15\Logging. If the log files are not on a separate partition from the application, this is a finding.
Fix Text
Update the EDSP to specify the audit logs' assigned partition or verify that this information is documented by the organization. Configure the audit log location to be on a partition drive separate from the application.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsName Identity EdbFilePath ---- -------- ----------- MB-002-DefaultDB MB-002-DefaultDB M:\ExchangeDB\MB-002-DefaultDB\MB-002-DefaultDB.edb Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the location where the Exchange Mailbox databases reside. Open the Exchange Management Shell and enter the following command: Get-MailboxDatabase | Select Name, Identity, EdbFilePath Open Windows Explorer, navigate to the mailbox databases, and verify they are on a dedicated partition. If the mailbox databases are not on a dedicated partition, this is a finding.
Fix Text
Update the EDSP to specify the location where the Exchange Mailbox databases reside or verify that this information is documented by the organization. Configure the mailbox databases on a dedicated partition.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 249A8EC66215FCADBB6764171802D74FF0CB5F13 ~~~~~ MONTFORD MNOC-MAIL SmartHosts: mail.msc.navy.mil Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-SendConnector | Select Name, Identity, SmartHosts Identify the Internet-facing connectors. For each Send connector, if the value of "SmartHosts" does not return the Smart Host IP address, this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-SendConnector -Identity <'IdentityName'> -SmartHosts <'IP Address of Smart Host'> -DNSRoutingEnabled $false Note: The <IdentityName> and <IP Address of Smart Host> values must be in single quotes. Repeat the procedure for each Send connector.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0F0A2FB529F9459CA8C8D64C822BDFB9A14AE8E3 ~~~~~ Default MONT-MB-002 AuthMechanism: Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer Client Proxy MONT-MB-002 AuthMechanism: Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer Default Frontend MONT-MB-002 AuthMechanism: Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer Outbound Proxy Frontend MONT-MB-002 AuthMechanism: Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer Client Frontend MONT-MB-002 AuthMechanism: Tls, Integrated, BasicAuth, BasicAuthRequireTLS Comments |
|||||
Check Text
Note: AuthMechanism may include other mechanisms as long as the "Tls" is identified. Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, Identity, AuthMechanism For each Receive connector, if the value of "AuthMechanism" is not set to "Tls", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-ReceiveConnector -Identity <'IdentityName'> -AuthMechanism 'Tls' Note: The <IdentityName> value must be in single quotes. Repeat the procedures for each Receive connector.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 3641A0707F4F5F9828AF8D61B78F702E3BEED3D9 ~~~~~ No mailboxes have 'ForwardingSmtpAddress' configured. Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Determine any accounts that have been authorized to have email auto-forwarded. Note: If email auto-forwarding is not being used, this check is not applicable. . Open the Exchange Management Shell and enter the following commands: Get-Mailbox | Select Name, Identity, Filter If any user has a forwarding SMTP address and is not documented in the EDSP, this is a finding. Note: If no remote SMTP domain matching the mail-enabled user or contact that allows forwarding is configured for users identified with a forwarding address, this function will not work properly.
Fix Text
Update the EDSP. Open the Exchange Management Shell and enter the following command: Set-Mailbox -Identity <'IdentityName'> -ForwardingSMTPAdddress $null Note: The <IdentityName> value must be in quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 01AD5D494759011CA51CA939267F080C3E8E3E9F ~~~~~ Default DomainName: * AutoForwardEnabled: False Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine any accounts that have been authorized to have email auto-forwarded. Note: If email auto-forwarding is not being used, this check is not applicable (NA). Open the Exchange Management Shell and enter the following commands: Get-RemoteDomain | Select Name, Identity, DomainName, AutoForwardEnabled If any domain for a user forwarding SMTP address is not documented in the EDSP, this is a finding. Note: If no remote SMTP domain matching the mail-enabled user or contact that allows forwarding is configured for users identified with a forwarding address, this function will not work properly.
Fix Text
Update the EDSP to specify any accounts that have been authorized to have email auto-forwarded or verify that this information is documented by the organization. Open the Exchange Management Shell and enter the following command: Set- RemoteDomain -Identity <RemoteDomainIdParameter>
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F65A250F9ABFD150084B7FDAF74BA7C8F0B87779 ~~~~~ ContentFilterConfig Enabled: True Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Note: If using another DoD-approved antispam product for email or a DoD-approved email gateway spamming device, such as Enterprise Email Security Gateway (EEMSG), this is not applicable (NA). Open the Exchange Management Shell and enter the following command: Get-ContentFilterConfig | Format-Table Name,Enabled If no value is returned, this is a finding.
Fix Text
Update the EDSP with the anti-spam mechanism used. Install the AntiSpam module. Open the Exchange Management Shell and enter the following command: & $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AD96C9D5E6C604344671F19DFAA8D612FE3B24C3 ~~~~~ ContentFilterConfig Enabled: True SenderFilterConfig Enabled: True SenderIdConfig Enabled: True Sender Reputation Enabled: True Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Note: If using another DoD-approved anti-spam product for email or a DoD-approved email gateway spamming device, such as Enterprise Email Security Gateway (EEMSG), this is not applicable (NA). Open the Exchange Management Shell and enter the following command: Get-ContentFilterConfig | Format-Table Name,Enabled; Get-SenderFilterConfig | Format-Table Name,Enabled; Get-SenderIDConfig | Format-Table Name,Enabled; Get-SenderReputationConfig | Format-Table Name,Enabled If any of the following values returned are not set to "True", this is a finding: Set-ContentFilterConfig Set-SenderFilterConfig Set-SenderIDConfig Set-SenderReputationConfig
Fix Text
Update the EDSP with the anti-spam mechanism used. Open the Exchange Management Shell and enter the following command for any values that were not set to "True": Set-ContentFilterConfig -Enabled $true Set-SenderFilterConfig -Enabled $true Set-SenderIDConfig -Enabled $true Set-SenderReputationConfig -Enabled $true
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 3FC99851771D3F134E9442229893EE7CF85081BD ~~~~~ No internal SMTP servers are configured. Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Note: If using another DoD-approved antispam product for email or a DoD-approved email gateway spamming device, such as Enterprise Email Security Gateway (EEMSG), this is not applicable (NA). Determine the internal SMTP servers. Open the Exchange Management Shell and enter the following command: Get-TransportConfig | Format-List InternalSMTPServers If any internal SMTP server IP address returned does not reflect the list of accepted SMTP server IP addresses, this is a finding.
Fix Text
Note: Configure the IP addresses of every internal SMTP server. If the Mailbox server is the only SMTP server running the antispam agents, configure the IP address of the Mailbox server. Update the EDSP with the anti-spam mechanism used. Open the Exchange Management Shell and enter the following command: Single SMTP server address: Set-TransportConfig -InternalSMTPServers @{Add='<ip address1>'} Multiple SMTP server addresses: Set-TransportConfig -InternalSMTPServers @{Add='<ip address1>','<ip address2>'}
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: C547014D2DADF1389C64FAEDC51F1233F9AFEFE3 ~~~~~ Default DomainName: * AutoReplyEnabled: False Comments |
|||||
Check Text
Note: Automated replies to .MIL or .GOV sites are allowed. Open the Exchange Management Shell and enter the following command: Get-RemoteDomain | Select Name, Identity, AutoReplyEnabled If the value of “AutoReplyEnabled” is set to “True” and is configured to only Reply to .MIL or .GOV sites, this is not a finding. If the value of "AutoReplyEnabled" is not set to "False", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-RemoteDomain -Identity <'IdentityName'> -AutoReplyEnabled $false Note: The <IdentityName> value must be in single quotes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding Details[PS] C:\windows\system32>icacls E:\ExchangeV15\ E:\ExchangeV15\ NT AUTHORITY\Authenticated Users:(RX) NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Administrators:(OI)(CI)(F) Successfully processed 1 files; Failed processing 0 files Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the authorized groups and users that have access to the Exchange application directories. Verify the access permissions on the directory match the access permissions listed in the EDSP. If any group or user has different access permissions, this is a finding. Note: The default installation directory is \Program Files\Microsoft\Exchange Server\V15.
Fix Text
Update the EDSP to specify the authorized groups and users that have access to the Exchange application directories or verify that this information is documented by the organization. Navigate to the Exchange application directory and remove or modify the group or user access permissions. Note: The default installation directory is \Program Files\Microsoft\Exchange Server\V15.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsContains ExchangeServer2016-x64-CU23.iso on C:\tools\Exchange2016 Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the software baseline. Review the application software baseline procedures and implementation artifacts. Note the list of files and directories included in the baseline procedure for completeness. If an email software copy exists to serve as a baseline and is available for comparison during scanning efforts, this is not a finding.
Fix Text
Update the EDSP to specify the software baseline, procedures, and implementation artifacts or verify that this information is documented by the organization.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 20D1AF990AB29C14E8D3BD960D9C2D996059E910 ~~~~~ ServiceName: ActivID Shared Store Service Displayname: ActivID Shared Store Service Status: Running StartType: Automatic ServiceName: AJRouter Displayname: AllJoyn Router Service Status: Stopped StartType: Manual ServiceName: ALG Displayname: Application Layer Gateway Service Status: Stopped StartType: Manual ServiceName: AppHostSvc Displayname: Application Host Helper Service Status: Running StartType: Automatic ServiceName: AppIDSvc Displayname: Application Identity Status: Running StartType: Automatic ServiceName: Appinfo Displayname: Application Information Status: Running StartType: Manual ServiceName: AppMgmt Displayname: Application Management Status: Stopped StartType: Manual ServiceName: AppReadiness Displayname: App Readiness Status: Stopped StartType: Manual ServiceName: AppVClient Displayname: Microsoft App-V Client Status: Stopped StartType: Disabled ServiceName: AppXSvc Displayname: AppX Deployment Service (AppXSVC) Status: Stopped StartType: Manual ServiceName: aspnet_state Displayname: ASP.NET State Service Status: Stopped StartType: Manual ServiceName: AudioEndpointBuilder Displayname: Windows Audio Endpoint Builder Status: Stopped StartType: Manual ServiceName: Audiosrv Displayname: Windows Audio Status: Stopped StartType: Manual ServiceName: AxInstSV Displayname: ActiveX Installer (AxInstSV) Status: Stopped StartType: Manual ServiceName: BackupExecAgentAccelerator Displayname: Backup Exec Remote Agent for Windows Status: Running StartType: Automatic ServiceName: BackupExecLockdownServer Displayname: Backup Exec Lockdown Server Status: Running StartType: Automatic ServiceName: bedbg Displayname: Backup Exec Error Recording Service Status: Running StartType: Automatic ServiceName: BFE Displayname: Base Filtering Engine Status: Running StartType: Automatic ServiceName: BITS Displayname: Background Intelligent Transfer Service Status: Stopped StartType: Manual ServiceName: BrokerInfrastructure Displayname: Background Tasks Infrastructure Service Status: Running StartType: Automatic ServiceName: bthserv Displayname: Bluetooth Support Service Status: Stopped StartType: Manual ServiceName: c2wts Displayname: Claims to Windows Token Service Status: Stopped StartType: Manual ServiceName: CDPSvc Displayname: Connected Devices Platform Service Status: Running StartType: Automatic ServiceName: CDPUserSvc_2da7f023 Displayname: CDPUserSvc_2da7f023 Status: Running StartType: Automatic ServiceName: CertPropSvc Displayname: Certificate Propagation Status: Running StartType: Automatic ServiceName: ClipSVC Displayname: Client License Service (ClipSVC) Status: Stopped StartType: Manual ServiceName: COMSysApp Displayname: COM+ System Application Status: Stopped StartType: Manual ServiceName: CoreMessagingRegistrar Displayname: CoreMessaging Status: Running StartType: Automatic ServiceName: CRLAutoCache Displayname: CRLAutoCache Status: Running StartType: Automatic ServiceName: CryptSvc Displayname: Cryptographic Services Status: Running StartType: Automatic ServiceName: CscService Displayname: Offline Files Status: Stopped StartType: Disabled ServiceName: DcomLaunch Displayname: DCOM Server Process Launcher Status: Running StartType: Automatic ServiceName: DcpSvc Displayname: DataCollectionPublishingService Status: Stopped StartType: Manual ServiceName: defragsvc Displayname: Optimize drives Status: Stopped StartType: Manual ServiceName: DeviceAssociationService Displayname: Device Association Service Status: Stopped StartType: Manual ServiceName: DeviceInstall Displayname: Device Install Service Status: Stopped StartType: Manual ServiceName: DevQueryBroker Displayname: DevQuery Background Discovery Broker Status: Stopped StartType: Manual ServiceName: Dhcp Displayname: DHCP Client Status: Running StartType: Automatic ServiceName: diagnosticshub.standardcollector.service Displayname: Microsoft (R) Diagnostics Hub Standard Collector Service Status: Stopped StartType: Manual ServiceName: DiagTrack Displayname: Connected User Experiences and Telemetry Status: Running StartType: Automatic ServiceName: DmEnrollmentSvc Displayname: Device Management Enrollment Service Status: Stopped StartType: Manual ServiceName: dmwappushservice Displayname: dmwappushsvc Status: Stopped StartType: Manual ServiceName: Dnscache Displayname: DNS Client Status: Running StartType: Automatic ServiceName: dot3svc Displayname: Wired AutoConfig Status: Stopped StartType: Manual ServiceName: DPS Displayname: Diagnostic Policy Service Status: Running StartType: Automatic ServiceName: DsmSvc Displayname: Device Setup Manager Status: Stopped StartType: Manual ServiceName: DsSvc Displayname: Data Sharing Service Status: Running StartType: Manual ServiceName: Eaphost Displayname: Extensible Authentication Protocol Status: Stopped StartType: Manual ServiceName: EFS Displayname: Encrypting File System (EFS) Status: Stopped StartType: Manual ServiceName: embeddedmode Displayname: Embedded Mode Status: Stopped StartType: Manual ServiceName: EntAppSvc Displayname: Enterprise App Management Service Status: Stopped StartType: Manual ServiceName: EventLog Displayname: Windows Event Log Status: Running StartType: Automatic ServiceName: EventSystem Displayname: COM+ Event System Status: Running StartType: Automatic ServiceName: fdPHost Displayname: Function Discovery Provider Host Status: Stopped StartType: Manual ServiceName: FDResPub Displayname: Function Discovery Resource Publication Status: Stopped StartType: Manual ServiceName: FMS Displayname: Microsoft Filtering Management Service Status: Running StartType: Automatic ServiceName: FontCache Displayname: Windows Font Cache Service Status: Running StartType: Automatic ServiceName: FrameServer Displayname: Windows Camera Frame Server Status: Stopped StartType: Manual ServiceName: gpsvc Displayname: Group Policy Client Status: Running StartType: Automatic ServiceName: hidserv Displayname: Human Interface Device Service Status: Stopped StartType: Manual ServiceName: HostControllerService Displayname: Microsoft Exchange Search Host Controller Status: Running StartType: Automatic ServiceName: HvHost Displayname: HV Host Service Status: Stopped StartType: Manual ServiceName: icssvc Displayname: Windows Mobile Hotspot Service Status: Stopped StartType: Manual ServiceName: IISADMIN Displayname: IIS Admin Service Status: Running StartType: Automatic ServiceName: IKEEXT Displayname: IKE and AuthIP IPsec Keying Modules Status: Running StartType: Automatic ServiceName: InstallRoot Displayname: InstallRoot Status: Running StartType: Automatic ServiceName: iphlpsvc Displayname: IP Helper Status: Running StartType: Automatic ServiceName: KeyIso Displayname: CNG Key Isolation Status: Running StartType: Manual ServiceName: KPSSVC Displayname: KDC Proxy Server service (KPS) Status: Stopped StartType: Manual ServiceName: KtmRm Displayname: KtmRm for Distributed Transaction Coordinator Status: Stopped StartType: Manual ServiceName: LanmanServer Displayname: Server Status: Running StartType: Automatic ServiceName: LanmanWorkstation Displayname: Workstation Status: Running StartType: Automatic ServiceName: lfsvc Displayname: Geolocation Service Status: Running StartType: Manual ServiceName: LicenseManager Displayname: Windows License Manager Service Status: Running StartType: Manual ServiceName: lltdsvc Displayname: Link-Layer Topology Discovery Mapper Status: Stopped StartType: Manual ServiceName: lmhosts Displayname: TCP/IP NetBIOS Helper Status: Running StartType: Manual ServiceName: LSM Displayname: Local Session Manager Status: Running StartType: Automatic ServiceName: macmnsvc Displayname: Trellix Agent Common Services Status: Running StartType: Automatic ServiceName: MapsBroker Displayname: Downloaded Maps Manager Status: Stopped StartType: Automatic ServiceName: masvc Displayname: Trellix Agent Service Status: Running StartType: Automatic ServiceName: McAfeeFramework Displayname: Trellix Agent Backwards Compatibility Service Status: Running StartType: Manual ServiceName: mfefire Displayname: Trellix Firewall Core Service Status: Stopped StartType: Manual ServiceName: mfemms Displayname: Trellix Service Controller Status: Running StartType: Automatic ServiceName: mfevtp Displayname: Trellix Validation Trust Protection Service Status: Running StartType: Manual ServiceName: MpsSvc Displayname: Windows Firewall Status: Running StartType: Automatic ServiceName: MSComplianceAudit Displayname: Microsoft Exchange Compliance Audit Status: Running StartType: Automatic ServiceName: MSDTC Displayname: Distributed Transaction Coordinator Status: Running StartType: Automatic ServiceName: MSExchangeADTopology Displayname: Microsoft Exchange Active Directory Topology Status: Running StartType: Automatic ServiceName: MSExchangeAntispamUpdate Displayname: Microsoft Exchange Anti-spam Update Status: Running StartType: Automatic ServiceName: MSExchangeCompliance Displayname: Microsoft Exchange Compliance Service Status: Running StartType: Automatic ServiceName: MSExchangeDagMgmt Displayname: Microsoft Exchange DAG Management Status: Running StartType: Automatic ServiceName: MSExchangeDelivery Displayname: Microsoft Exchange Mailbox Transport Delivery Status: Running StartType: Automatic ServiceName: MSExchangeDiagnostics Displayname: Microsoft Exchange Diagnostics Status: Running StartType: Automatic ServiceName: MSExchangeEdgeSync Displayname: Microsoft Exchange EdgeSync Status: Running StartType: Automatic ServiceName: MSExchangeFastSearch Displayname: Microsoft Exchange Search Status: Running StartType: Automatic ServiceName: MSExchangeFrontEndTransport Displayname: Microsoft Exchange Frontend Transport Status: Running StartType: Automatic ServiceName: MSExchangeHM Displayname: Microsoft Exchange Health Manager Status: Running StartType: Automatic ServiceName: MSExchangeHMRecovery Displayname: Microsoft Exchange Health Manager Recovery Status: Running StartType: Automatic ServiceName: MSExchangeImap4 Displayname: Microsoft Exchange IMAP4 Status: Stopped StartType: Manual ServiceName: MSExchangeIMAP4BE Displayname: Microsoft Exchange IMAP4 Backend Status: Stopped StartType: Manual ServiceName: MSExchangeIS Displayname: Microsoft Exchange Information Store Status: Running StartType: Automatic ServiceName: MSExchangeMailboxAssistants Displayname: Microsoft Exchange Mailbox Assistants Status: Running StartType: Automatic ServiceName: MSExchangeMailboxReplication Displayname: Microsoft Exchange Mailbox Replication Status: Running StartType: Automatic ServiceName: MSExchangeMitigation Displayname: Microsoft Exchange Emergency Mitigation Service Status: Running StartType: Automatic ServiceName: MSExchangeNotificationsBroker Displayname: Microsoft Exchange Notifications Broker Status: Stopped StartType: Automatic ServiceName: MSExchangePop3 Displayname: Microsoft Exchange POP3 Status: Stopped StartType: Manual ServiceName: MSExchangePOP3BE Displayname: Microsoft Exchange POP3 Backend Status: Stopped StartType: Manual ServiceName: MSExchangeRepl Displayname: Microsoft Exchange Replication Status: Running StartType: Automatic ServiceName: MSExchangeRPC Displayname: Microsoft Exchange RPC Client Access Status: Running StartType: Automatic ServiceName: MSExchangeServiceHost Displayname: Microsoft Exchange Service Host Status: Running StartType: Automatic ServiceName: MSExchangeSubmission Displayname: Microsoft Exchange Mailbox Transport Submission Status: Running StartType: Automatic ServiceName: MSExchangeThrottling Displayname: Microsoft Exchange Throttling Status: Running StartType: Automatic ServiceName: MSExchangeTransport Displayname: Microsoft Exchange Transport Status: Running StartType: Automatic ServiceName: MSExchangeTransportLogSearch Displayname: Microsoft Exchange Transport Log Search Status: Running StartType: Automatic ServiceName: MSExchangeUM Displayname: Microsoft Exchange Unified Messaging Status: Running StartType: Automatic ServiceName: MSExchangeUMCR Displayname: Microsoft Exchange Unified Messaging Call Router Status: Running StartType: Automatic ServiceName: MSiSCSI Displayname: Microsoft iSCSI Initiator Service Status: Stopped StartType: Manual ServiceName: msiserver Displayname: Windows Installer Status: Stopped StartType: Manual ServiceName: MSME Displayname: Trellix Security for Microsoft Exchange Status: Running StartType: Automatic ServiceName: MSMEReplicationService Displayname: Trellix Security for Microsoft Exchange Replication Service Status: Stopped StartType: Manual ServiceName: MSMQ Displayname: Message Queuing Status: Running StartType: Automatic ServiceName: mtstrmd Displayname: Backup Exec Deduplication Multi-threaded Streaming Agent Status: Stopped StartType: Manual ServiceName: NcaSvc Displayname: Network Connectivity Assistant Status: Stopped StartType: Disabled ServiceName: NcbService Displayname: Network Connection Broker Status: Running StartType: Manual ServiceName: Netlogon Displayname: Netlogon Status: Running StartType: Automatic ServiceName: Netman Displayname: Network Connections Status: Stopped StartType: Manual ServiceName: NetMsmqActivator Displayname: Net.Msmq Listener Adapter Status: Running StartType: Automatic ServiceName: NetPipeActivator Displayname: Net.Pipe Listener Adapter Status: Running StartType: Automatic ServiceName: netprofm Displayname: Network List Service Status: Running StartType: Manual ServiceName: NetSetupSvc Displayname: Network Setup Service Status: Stopped StartType: Manual ServiceName: NetTcpActivator Displayname: Net.Tcp Listener Adapter Status: Running StartType: Automatic ServiceName: NetTcpPortSharing Displayname: Net.Tcp Port Sharing Service Status: Running StartType: Automatic ServiceName: NgcCtnrSvc Displayname: Microsoft Passport Container Status: Stopped StartType: Manual ServiceName: NgcSvc Displayname: Microsoft Passport Status: Stopped StartType: Manual ServiceName: NlaSvc Displayname: Network Location Awareness Status: Running StartType: Automatic ServiceName: nsi Displayname: Network Store Interface Service Status: Running StartType: Automatic ServiceName: OneSyncSvc_2da7f023 Displayname: Sync Host_2da7f023 Status: Running StartType: Automatic ServiceName: PcaSvc Displayname: Program Compatibility Assistant Service Status: Running StartType: Automatic ServiceName: PDVFSService Displayname: Backup Exec PureDisk Filesystem Service Status: Stopped StartType: Manual ServiceName: PerfHost Displayname: Performance Counter DLL Host Status: Stopped StartType: Manual ServiceName: PhoneSvc Displayname: Phone Service Status: Stopped StartType: Manual ServiceName: PimIndexMaintenanceSvc_2da7f023 Displayname: Contact Data_2da7f023 Status: Stopped StartType: Manual ServiceName: pla Displayname: Performance Logs & Alerts Status: Running StartType: Manual ServiceName: PlugPlay Displayname: Plug and Play Status: Running StartType: Manual ServiceName: PolicyAgent Displayname: IPsec Policy Agent Status: Stopped StartType: Disabled ServiceName: Power Displayname: Power Status: Running StartType: Automatic ServiceName: PrintNotify Displayname: Printer Extensions and Notifications Status: Stopped StartType: Manual ServiceName: ProfSvc Displayname: User Profile Service Status: Running StartType: Automatic ServiceName: QWAVE Displayname: Quality Windows Audio Video Experience Status: Stopped StartType: Manual ServiceName: RasAuto Displayname: Remote Access Auto Connection Manager Status: Stopped StartType: Manual ServiceName: RasMan Displayname: Remote Access Connection Manager Status: Stopped StartType: Manual ServiceName: RemoteAccess Displayname: Routing and Remote Access Status: Stopped StartType: Disabled ServiceName: RemoteRegistry Displayname: Remote Registry Status: Running StartType: Automatic ServiceName: RmSvc Displayname: Radio Management Service Status: Stopped StartType: Manual ServiceName: RpcEptMapper Displayname: RPC Endpoint Mapper Status: Running StartType: Automatic ServiceName: RPCHTTPLBS Displayname: RPC/HTTP Load Balancing Service Status: Stopped StartType: Manual ServiceName: RpcLocator Displayname: Remote Procedure Call (RPC) Locator Status: Stopped StartType: Manual ServiceName: RpcSs Displayname: Remote Procedure Call (RPC) Status: Running StartType: Automatic ServiceName: RSoPProv Displayname: Resultant Set of Policy Provider Status: Stopped StartType: Manual ServiceName: sacsvr Displayname: Special Administration Console Helper Status: Stopped StartType: Manual ServiceName: SamSs Displayname: Security Accounts Manager Status: Running StartType: Automatic ServiceName: SCardSvr Displayname: Smart Card Status: Stopped StartType: Automatic ServiceName: ScDeviceEnum Displayname: Smart Card Device Enumeration Service Status: Running StartType: Manual ServiceName: Schedule Displayname: Task Scheduler Status: Running StartType: Automatic ServiceName: SCPolicySvc Displayname: Smart Card Removal Policy Status: Running StartType: Automatic ServiceName: scsrvc Displayname: Trellix Solidifier Status: Running StartType: Automatic ServiceName: SearchExchangeTracing Displayname: Tracing Service for Search in Exchange Status: Running StartType: Automatic ServiceName: seclogon Displayname: Secondary Logon Status: Stopped StartType: Manual ServiceName: SENS Displayname: System Event Notification Service Status: Running StartType: Automatic ServiceName: SensorDataService Displayname: Sensor Data Service Status: Stopped StartType: Manual ServiceName: SensorService Displayname: Sensor Service Status: Running StartType: Manual ServiceName: SensrSvc Displayname: Sensor Monitoring Service Status: Stopped StartType: Manual ServiceName: SessionEnv Displayname: Remote Desktop Configuration Status: Running StartType: Manual ServiceName: SharedAccess Displayname: Internet Connection Sharing (ICS) Status: Stopped StartType: Manual ServiceName: ShellHWDetection Displayname: Shell Hardware Detection Status: Running StartType: Automatic ServiceName: smphost Displayname: Microsoft Storage Spaces SMP Status: Stopped StartType: Manual ServiceName: SNMPTRAP Displayname: SNMP Trap Status: Stopped StartType: Manual ServiceName: Spooler Displayname: Print Spooler Status: Stopped StartType: Manual ServiceName: sppsvc Displayname: Software Protection Status: Stopped StartType: Automatic ServiceName: SSDPSRV Displayname: SSDP Discovery Status: Running StartType: Manual ServiceName: SstpSvc Displayname: Secure Socket Tunneling Protocol Service Status: Stopped StartType: Manual ServiceName: StateRepository Displayname: State Repository Service Status: Running StartType: Manual ServiceName: stisvc Displayname: Windows Image Acquisition (WIA) Status: Stopped StartType: Manual ServiceName: StorSvc Displayname: Storage Service Status: Running StartType: Manual ServiceName: svsvc Displayname: Spot Verifier Status: Stopped StartType: Manual ServiceName: swprv Displayname: Microsoft Software Shadow Copy Provider Status: Running StartType: Manual ServiceName: SysMain Displayname: Superfetch Status: Stopped StartType: Manual ServiceName: SystemEventsBroker Displayname: System Events Broker Status: Running StartType: Automatic ServiceName: TabletInputService Displayname: Touch Keyboard and Handwriting Panel Service Status: Stopped StartType: Manual ServiceName: TapiSrv Displayname: Telephony Status: Stopped StartType: Manual ServiceName: TermService Displayname: Remote Desktop Services Status: Running StartType: Manual ServiceName: Themes Displayname: Themes Status: Running StartType: Automatic ServiceName: TieringEngineService Displayname: Storage Tiers Management Status: Stopped StartType: Manual ServiceName: tiledatamodelsvc Displayname: Tile Data model server Status: Running StartType: Automatic ServiceName: TimeBrokerSvc Displayname: Time Broker Status: Running StartType: Manual ServiceName: TrellixAuditManager Displayname: Trellix Audit Manager Service Status: Running StartType: Automatic ServiceName: TrellixDLPAgentService Displayname: Trellix DLP Endpoint Service Status: Running StartType: Automatic ServiceName: TrkWks Displayname: Distributed Link Tracking Client Status: Running StartType: Automatic ServiceName: TrustedInstaller Displayname: Windows Modules Installer Status: Running StartType: Automatic ServiceName: Tumbleweed Desktop Validator Displayname: Tumbleweed Desktop Validator Status: Running StartType: Automatic ServiceName: tzautoupdate Displayname: Auto Time Zone Updater Status: Stopped StartType: Disabled ServiceName: UALSVC Displayname: User Access Logging Service Status: Running StartType: Automatic ServiceName: UevAgentService Displayname: User Experience Virtualization Service Status: Stopped StartType: Disabled ServiceName: UI0Detect Displayname: Interactive Services Detection Status: Stopped StartType: Manual ServiceName: UmRdpService Displayname: Remote Desktop Services UserMode Port Redirector Status: Running StartType: Manual ServiceName: UnistoreSvc_2da7f023 Displayname: User Data Storage_2da7f023 Status: Stopped StartType: Manual ServiceName: upnphost Displayname: UPnP Device Host Status: Stopped StartType: Manual ServiceName: UserDataSvc_2da7f023 Displayname: User Data Access_2da7f023 Status: Stopped StartType: Manual ServiceName: UserManager Displayname: User Manager Status: Running StartType: Automatic ServiceName: UsoSvc Displayname: Update Orchestrator Service for Windows Update Status: Stopped StartType: Manual ServiceName: VaultSvc Displayname: Credential Manager Status: Running StartType: Manual ServiceName: vds Displayname: Virtual Disk Status: Stopped StartType: Manual ServiceName: vmicguestinterface Displayname: Hyper-V Guest Service Interface Status: Stopped StartType: Manual ServiceName: vmicheartbeat Displayname: Hyper-V Heartbeat Service Status: Running StartType: Manual ServiceName: vmickvpexchange Displayname: Hyper-V Data Exchange Service Status: Running StartType: Manual ServiceName: vmicrdv Displayname: Hyper-V Remote Desktop Virtualization Service Status: Running StartType: Manual ServiceName: vmicshutdown Displayname: Hyper-V Guest Shutdown Service Status: Running StartType: Manual ServiceName: vmictimesync Displayname: Hyper-V Time Synchronization Service Status: Stopped StartType: Manual ServiceName: vmicvmsession Displayname: Hyper-V PowerShell Direct Service Status: Stopped StartType: Manual ServiceName: vmicvss Displayname: Hyper-V Volume Shadow Copy Requestor Status: Running StartType: Manual ServiceName: VSS Displayname: Volume Shadow Copy Status: Running StartType: Manual ServiceName: W32Time Displayname: Windows Time Status: Running StartType: Automatic ServiceName: w3logsvc Displayname: W3C Logging Service Status: Stopped StartType: Manual ServiceName: W3SVC Displayname: World Wide Web Publishing Service Status: Running StartType: Automatic ServiceName: WalletService Displayname: WalletService Status: Stopped StartType: Manual ServiceName: WAS Displayname: Windows Process Activation Service Status: Running StartType: Manual ServiceName: WbioSrvc Displayname: Windows Biometric Service Status: Stopped StartType: Automatic ServiceName: Wcmsvc Displayname: Windows Connection Manager Status: Running StartType: Automatic ServiceName: WdiServiceHost Displayname: Diagnostic Service Host Status: Running StartType: Manual ServiceName: WdiSystemHost Displayname: Diagnostic System Host Status: Stopped StartType: Manual ServiceName: Wecsvc Displayname: Windows Event Collector Status: Stopped StartType: Manual ServiceName: WEPHOSTSVC Displayname: Windows Encryption Provider Host Service Status: Stopped StartType: Manual ServiceName: wercplsupport Displayname: Problem Reports and Solutions Control Panel Support Status: Stopped StartType: Manual ServiceName: WerSvc Displayname: Windows Error Reporting Service Status: Running StartType: Automatic ServiceName: WiaRpc Displayname: Still Image Acquisition Events Status: Stopped StartType: Manual ServiceName: WinHttpAutoProxySvc Displayname: WinHTTP Web Proxy Auto-Discovery Service Status: Running StartType: Manual ServiceName: Winmgmt Displayname: Windows Management Instrumentation Status: Running StartType: Automatic ServiceName: WinRM Displayname: Windows Remote Management (WS-Management) Status: Running StartType: Automatic ServiceName: wisvc Displayname: Windows Insider Service Status: Stopped StartType: Manual ServiceName: wlidsvc Displayname: Microsoft Account Sign-in Assistant Status: Stopped StartType: Manual ServiceName: wmiApSrv Displayname: WMI Performance Adapter Status: Running StartType: Manual ServiceName: WMSVC Displayname: Web Management Service Status: Running StartType: Automatic ServiceName: WPDBusEnum Displayname: Portable Device Enumerator Service Status: Stopped StartType: Manual ServiceName: WpnService Displayname: Windows Push Notifications System Service Status: Running StartType: Automatic ServiceName: WpnUserService_2da7f023 Displayname: Windows Push Notifications User Service_2da7f023 Status: Stopped StartType: Manual ServiceName: wsbexchange Displayname: Microsoft Exchange Server Extension for Windows Server Backup Status: Stopped StartType: Manual ServiceName: WSearch Displayname: Windows Search Status: Stopped StartType: Disabled ServiceName: wuauserv Displayname: Windows Update Status: Running StartType: Manual ServiceName: wudfsvc Displayname: Windows Driver Foundation - User-mode Driver Framework Status: Running StartType: Manual ServiceName: XblAuthManager Displayname: Xbox Live Auth Manager Status: Stopped StartType: Manual ServiceName: XblGameSave Displayname: Xbox Live Game Save Status: Stopped StartType: Manual Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Note: Required services will vary among organizations and will vary depending on the role of the individual system. Organizations will develop their own list of services, which will be documented and justified with the Information System Security Officer (ISSO). The site’s list will be provided for any security review. Services that are common to multiple systems can be addressed in one document. Exceptions for individual systems should be identified separately by system. Open a Windows PowerShell and enter the following command: Get-Service | Where-Object {$_.status -eq 'running'} Note: The command returns a list of installed services and the status of that service. If the services required are not documented in the EDSP, this is a finding. If any undocumented or unnecessary services are running, this is a finding.
Fix Text
Update the EDSP to specify the services required for the system to function. Remove or disable any services that are not required.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP). Determine if the directory Exchange is installed. Open Windows Explorer. Navigate to where Exchange is installed. If Exchange resides on a directory or partition other than that of the operating system and does not have other applications installed (unless approved by the Information System Security Officer [ISSO]), this is not a finding.
Fix Text
Update the EDSP with the location of where Exchange is installed. Install Exchange on a dedicated application directory or partition separate than that of the operating system.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: B552695B5132F2C9DD57BF8E8C53AC73BA1E25A0 ~~~~~ MONT-MB-002 AdminDisplayVersion: Version 15.1 (Build 2507.6) Comments |
|||||
Check Text
Determine the most current, approved service pack. Open the Exchange Management Shell and enter the following command: Get-ExchangeServer | fl Name, AdminDisplayVersion If the value of "AdminDisplayVersion" does not return the most current, approved service pack, this is a finding.
Fix Text
Install the most current, approved service pack.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F45BB1BC0E19B53ED45593DC884B248549E33D73 ~~~~~ Default Web Site Binding: http (*:80:) Binding: net.tcp (808:*) Binding: net.msmq (localhost) Binding: msmq.formatname (localhost) Binding: net.pipe (*) Binding: http (127.0.0.1:80:) Binding: https (*:443:) Binding: https (127.0.0.1:443:) Comments |
|||||
Check Text
Open a Windows PowerShell Module and enter the following commands: Get-Website | Select Name Get-WebBinding -Name <'WebSiteName'> | Format-List If the Web binding values returned are not on standard port 80 for HTTP connections or port 443 for HTTPS connections, this is a finding. Note: This is excluding the Exchange Back End website which uses 81/444. Repeat the process for each website.
Fix Text
Configure web ports to be ports 80 and 443, as specified by PPSM standards.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: DAE62A699B21F03FF7E6F22DDB7071EF58DBDC8B ~~~~~ Malware Agent Enabled: False Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-TransportAgent "Malware Agent" If the value of "Enabled" is set to "True", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: & env:ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 328145AC7C2623A6F0CA0A7CBEE7A8D4913D1B18 ~~~~~ MONT-MB-002 EncryptionRequired: True Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-RpcClientAccess | Select Server, Name, EncryptionRequired If the value of "EncryptionRequired" is not set to "True", this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-RpcClientAccess -Server <ServerName> -EncryptionRequired $true
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F062B083353802FEED61813A94D6836C6989C745 ~~~~~ owa (Default Web Site) InternalUrl: https://mont-mb-002.montford-point.navy.mil/owa ExternalUrl is not configured. Comments |
|||||
Check Text
Open a Exchange Management Shell and enter the following command: Get-OwaVirtualDirectory | select internalurl, externalurl If the value returned is not https://, this is a finding.
Fix Text
Configure the OWA site to require SSL port 443.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 8437028AB0D66DFD05F9CF673925678D16CBF461 ~~~~~ MB-002-DefaultDB ProhibitSendReceiveQuota IsUnlimited: False [Expected True] Value: 2.3 GB (2,469,606,400 bytes) Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-MailboxDatabase | Select Name, Identity, ProhibitSendReceiveQuota If the value of "ProhibitSendReceiveQuota" is not set to "Unlimited", this is a finding. or If the value of "ProhibitSendReceiveQuota" is set to an alternate value and has signoff and risk acceptance in the EDSP, this is not a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-MailboxDatabase -Identity <'IdentityName'> -ProhibitSendReceiveQuota Unlimited Note: The <IdentityName> value must be in single quotes. or Enter the value as identified by the EDSP that has obtained a signoff with risk acceptance.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: E46671D88E7FAA88712CCF6E1323EC60845D75AA ~~~~~ MB-002-DefaultDB ProhibitSendQuota IsUnlimited: False Value: 2 GB (2,147,483,648 bytes) Comments |
|||||
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information. Determine the value for the Prohibit Send Quota limit. Open the Exchange Management Shell and enter the following command: Get-MailboxDatabase | Select Name, Identity, ProhibitSendQuota If the value of "ProhibitSendQuota" is not set to the site's Prohibit Send Quota limit, this is a finding.
Fix Text
Update the EDSP to specify the value for the Prohibit Send Quota limit or verify that this information is documented by the organization. Open the Exchange Management Shell and enter the following command: Set-MailboxDatabase -Identity <'IdentityName'> -ProhibitSendQuota <'QuotaLimit'> Note: The <IdentityName> and <QuotaLimit> values must be in single quotes.