Checklist Summary:

The Microsoft Exchange Server Review targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or may lead to interruption of production operations. The items reviewed are based on standards and practices published by Microsoft (the vendor), the Center for Internet Security (CIS) and other security guidance entities, following guidance published in the Department of Defense Instruction (DoDI) 8500.2 security controls. Defense Information Systems Agency (DISA) Field Security Operations (FSO) has assigned a level of urgency to each finding based on Chief Information Officer (CIO)-established criteria for Certification and Accreditation (C&A). All findings are based on regulations and guidelines. All findings require correction by the host organization.

Checklist Role:

• Enterprise Mail Server

Known Issues:

Not provided.

Target Audience:

System Administrators

Target Operational Environment:

• Managed

Testing Information:

Not provided.

Regulatory Compliance:

Department of Defense (DoD) Directive 8500.1

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

Not provided.

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Version 1, Release 4 - 28 January 2011
Version 1, Release 3 - 25 June 2010
Version 1, Release 2 - 25 December 2009
Version 1, Release 1 - 8 June 2009
removing from public view - as it's no longer on the IASE website - 7/11/2016
Updated URLs - 6/26/19
updated URLs - 9/11/19

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 09/11/2019