UCF STIG Viewer Logo

Microsoft Exchange 2010 Client Access Server Role


Date Finding Count (10)
2012-05-31 CAT I (High): 1 CAT II (Med): 8 CAT III (Low): 1
STIG Description
The Microsoft Exchange Server 2010 STIGs cover four of the five roles available with Microsoft Exchange Server 2010, plus core Exchange Server 2010 global requirements. The Email Services Policy STIG must also be reviewed for each site hosting email services. The core Exchange Server guidance must be reviewed on each server role prior to the role-specific guidance. Also, for the Client Access server, the IIS guidance must be reviewed prior to the OWA checks.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
EXCH-CA-105 High Forms-based Authentication must not be used.
EXCH-CA-102 Medium The Microsoft Active Sync directory must be removed.
EXCH-CA-100 Medium Encryption must be used for RPC client access.
EXCH-CA-101 Medium Encryption must be used for OWA access.
EXCH-CA-106 Medium The Microsoft Exchange forms-based authentication service must be disabled.
EXCH-CA-107 Medium HTTP authenticated access must be set to Integrated Windows Authentication only.
EXCH-CA-104 Medium Web email must use standard ports and protocols.
EXCH-CA-108 Medium The Microsoft Exchange IMAP4 service must be disabled.
EXCH-CA-109 Medium The Microsoft Exchange POP3 service must be disabled.
EXCH-CA-103 Low The Public Folder virtual directory must be removed if not in use by the site.