V-228368
CAT IIExchange must protect audit data against unauthorized deletion.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 0
- Closed
- 0
Check Text
Review the Email Domain Security Plan (EDSP) or document that contains this information.
Determine the authorized groups or users that should have "Delete" permissions for the audit data.
If any group or user has "Delete" permissions for the audit data that is not documented in the EDSP, this is a finding.
Fix Text
Update the EDSP to specify the authorized groups or users that should have "Delete" permissions for the audit data or verify that this information is documented by the organization.
Restrict any unauthorized groups' or users' "Delete" permissions for the audit logs.
STIG Reference
- STIG
- Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide
- Version
- 2
- Release
- 6
- Rule ID
- SV-228368r879578_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_MSExchange2016MB_V2R6_20251023-152357.ckl | Unassigned | 2026-01-14T12:57:33.455034 | View in Context |