CIS Exchange Server 2003 Benchmark v1.0.0 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Microsoft Exchange Server 2003 cpe:/a:microsoft:exchange_server:2003 (View CVEs)

Checklist Highlights

Checklist Name:
CIS Exchange Server 2003 Benchmark
Checklist ID:
31
Version:
v1.0.0
Type:
Compliance
Review Status:
Archived
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
12/01/2007

Checklist Summary:

The purpose of this guide is to provide the reader with security configuration guidance for Microsoft's Exchange Server 2003. Furthermore, it is assumed that the underlying operating system is Microsoft's Windows Server 2003. The recommendations contained herein have been tested on a Windows Server 2003-based platform. Although most of the recommendations will apply even if Exchange is loaded over a different Windows OS, no statements regarding security or operability can be made for other platform configurations.

Checklist Role:

  • Enterprise Email Server

Known Issues:

This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore, this guide does not address site-specific configuration issues. The security changes described in this document only apply to Microsoft Windows NT 4.0 Service Pack 6a systems and should not be applied to any other Windows NT versions or operating systems. You can severely impair or disable a Windows NT system with incorrect changes or accidental deletions when using programs (examples: Security Configuration Manager, Regedt32.exe, and Regedit.exe) to change the system configuration. Therefore, it is extremely important to test all settings recommended in this guide before installing them on an operational network.

Target Audience:

This document is intended for system administrators, but should be read by anyone involved with or interested in installing and/or configuring Exchange. We assume that the reader is a knowledgeable system administrator. In the context of this document, a knowledgeable system administrator is defined as someone who can create and manage accounts and groups, understands how operating systems perform access control, understands how to set account policies and user rights, is familiar with how to set up auditing and read audit logs, and can configure other similar system-related functionality. Additionally, it is assumed that the reader is a competent Exchange administrator.

Target Operational Environment:

  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Refer to Known Issues.

Disclaimer:

Differs for public and private consumers. Please read the disclaimer information on the CIS web site, located at: http://www.cisecurity.org/sub_form.html

Product Support:

Not provided.

Point of Contact:

http://www.cisecurity.org/

Sponsor:

Not provided.

Licensing:

Differs for public and private consumers. Please read the licensing information on the CIS web site, located at: http://www.cisecurity.org/sub_form.html

Change History:

Updated URL - 7/26/19
Archive - 8/31/23
updated to ARCHIVE - 10/2/2023

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 10/02/2023