V-228391
CAT IIExchange Internal Receive connectors must not allow anonymous connections.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 1
- Closed
- 0
Check Text
NOTE: In some instances, AnonymousUsers may be necessary for organization-specific operations. In such cases, allowing AnonymousUsers must be paired with restricting to specific lists of servers allowed to access. In addition, the risk must be documented and accepted by the ISSO, ISSM, or AO.
Open the Exchange Management Shell and enter the following command:
Get-ReceiveConnector | Select Name, Identity, PermissionGroups
For each Receive connector, if the value of "PermissionGroups" is "AnonymousUsers" for any receive connector, this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command:
Set-ReceiveConnector -Identity <'IdentityName'> -PermissionGroups and enter a valid value user group.
Note: The <IdentityName> value must be in single quotes.
Example: Set-ReceiveConnector -Identity <'IdentityName'> -PermissionGroups ExchangeUsers
Repeat the procedures for each Receive connector.
STIG Reference
- STIG
- Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide
- Version
- 2
- Release
- 6
- Rule ID
- SV-228391r879653_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_MSExchange2016MB_V2R6_20251023-152357.ckl | Unassigned | 2026-01-14T12:57:33.455034 | View in Context |