Audilitics
Generic filters
Generic filters

1 – Microsoft Exchange 2016 Mailbox Server

Web Applications

← Go back

AID1
Severitymedium
Audit

Exchange must have Administrator audit logging enabled.

Guidance

Unauthorized or malicious data changes can compromise the integrity and usefulness of the data. Automated attacks or malicious users with elevated privileges have the ability to effect change using the same mechanisms as email administrators.

Auditing any changes to access mechanisms not only supports accountability and nonrepudiation for those authorized to define the environment but also enables investigation of changes made by others who may not be authorized.

Note: This administrator auditing feature audits all exchange changes regardless of the user's assigned role or permissions.

Recommendations

Open the Exchange Management Shell and enter the following command:

Set-AdminAuditLogConfig -AdminAuditLogEnabled $true

Procedure

Open the Exchange Management Shell and enter the following command:

Get-AdminAuditLogConfig | Select Name, AdminAuditLogEnabled

If the value of "AdminAuditLogEnabled" is not set to "True", this is a finding.

NIST SP 800-53

AC-2 (4)

STIGMicrosoft Exchange 2016 Mailbox Server Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 25 Oct 2019

This entry has no reviews.

Review this entry

Your email address will not be published. Required fields are marked *

Please provide a rating

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Exchange 2016 Edge Transport Server

Pin It on Pinterest