Audits for MS Exchange 2013 and 2016

Summary

Microsoft Exchange remains one of the most widely adopted email and calendar solutions in use. The complexity of various deployments is such that establishing a secure baseline configuration, based on industry leading guidance, is challenging but essential. CIS and DISA have issued guidance on hardening and auditing of these deployments and Tenable has developed plugin enhancements and .audits to support this guidance. 

CIS Benchmarks

• CIS Microsoft Exchange Server 2016 Benchmark v1.0.0
• CIS Microsoft Exchange Server 2013 Benchmark v1.1.0

DISA STIGs 

• Microsoft Exchange 2013 Client Access STIG - Ver 1, Rel 2 
• Microsoft Exchange 2013 Edge Transport Server STIG - Ver 1, Rel 5 
• Microsoft Exchange 2013 Mailbox STIG - Ver 1, Rel 4
• Microsoft Exchange 2016 Edge Transport Server STIG Ver 1, Rel 2
• Microsoft Exchange 2016 Mailbox Server STIG Ver 1, Rel 2.

Plugins Released / Updated

21156 - Windows Compliance

Target Release Date

1 July 2019

Usage Overview and How to Get Started

Please refer to the following Tenable Blog post for details about configuring and using the MS Exchange Audits.

Summary:

Auditing an Exchange Environment with Tenable.io and Nessus requires a little bit of extra setup but allows for a secure and automated method for evaluating your organization’s compliance. Exposing Exchange specific cmdlets allows for much more accurate auditing of the environment, with a direct correlation to industry guidance. At Tenable, we regularly update our policy compliance audits to match the newest versions by Center for Internet Security (CIS) and Defense Information Systems Agency (DISA).

__________________________________

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.