More than one Edge server must be deployed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-259596 | EX19-ED-000109 | SV-259596r961152_rule | CCI-001094 | medium |
| Description | ||||
| To ensure hostile insiders are unable to easily commit DoS attacks and reduce the effectiveness of mail flow throughout the environment, a second Edge server is deployed to allow for multiple paths of mail flow both internally and externally into the environment. This prevents a single point-of-failure and allows for service to continue in the event of a DoS attack targeting one Edge role. | ||||
| STIG | Date | |||
| Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide | 2024-12-06 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
SC-5(1)
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-001094
1.00
- DISA · V2R2 · disa_xccdf · related
Details
Check Text (C-259596r961152_chk)
Review the EDSP for current configuration.
On the mailbox server, open a PowerShell prompt and run the following command:
Get-EdgeSubscription
If there is only one subscription on each server, this is a finding.
Fix Text (F-63243r942101_fix)
At a minimum, a second server must be deployed and subscribed to.