Microsoft Exchange 2010 STIG Version 1 Release 6 Checklist Details (Checklist Revisions)

Supporting Resources:


Target CPE Name
Microsoft Exchange Server 2010 cpe:/a:microsoft:exchange_server:2010 (View CVEs)

Checklist Highlights

Checklist Name:
Microsoft Exchange 2010 STIG
Checklist ID:
Version 1 Release 6
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

Email systems are comprised of multiple products and services working together to enable transport and delivery of messages to users. This overview gives technology-specific background and information specific to Microsoft Exchange email servers. Included also are security review considerations to prepare for periodic assessments. The associated Security Technical Implementation Guide (STIG), provides security policy and configuration requirements for the Microsoft Exchange Server 2010 application. The Microsoft Exchange Server 2010 STIG includes four of the five roles available with Microsoft Exchange Server (Client Access, Mailbox, Hub Transport, and Edge Transport). The remaining role (Unified Messaging) is not included in this revision.

Checklist Role:

  • Enterprise Mail Server

Known Issues:

Not provided.

Target Audience:

This document is a requirement for all DoD-administered systems and all systems connected to DoD networks, as addressed in the technology section. These requirements are designed to assist System Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls.

Target Operational Environment:

  • Managed

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive (DoDD) 8500.1


Not provided.


Not provided.

Product Support:

Not provided.

Point of Contact:

Comments or proposed revisions to this document should be sent via email to the following address: DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.


Not provided.


Not provided.

Change History:

Version 1, Release 5 - 25 April 2014
Version 1, Release 4 - 24 January 2014
Version 1, Release 3 - 25 October 2013
Version 1, Release 2 - 25 July 2013
Version 1, Release 1 - 17 December 2012
Version 1, Release 6 - 30 October 2014
Updated status to "Final" - 15 January 2015
Updated URL to reflect change to the DISA website - http --> https
Updated URLs - 6/7/19


URL Description Microsoft Exchange 2010 STIG Release Memo


Reference URL Description

NIST checklist record last modified on 12/12/2019