STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide

V-259577

CAT II (Medium)

SchUseStrongCrypto must be enabled.

Rule ID

SV-259577r960759_rule

STIG

Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000068

Discussion

Exchange Server 2019 is configured by default with TLS 1.2. However, SchUseStrongCrypto is not set by default and must be configured to meet the TLS requirement. The strong cryptography (configured by the SchUseStrongCrypto registry value) uses more secure network protocols (TLS 1.2, TLS 1.1, and TLS 1.0) and blocks protocols that are not secure. SchUseStrongCrypto affects only client (outgoing) connections in the application.

Check Content

In a PowerShell window, run the following commands:

Get-ItemProperty HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319

If the value "SchUseStrongCrypto" is not present and set to 1, this is a finding.

Fix Text

In a PowerShell window with elevated privileges, run the following commands:

reg add HKLM\SOFTWARE\Microsoft\.NetFramework\v4.0.30319 /v "SchUseStrongCrypto" /t REG_DWORD /d 1

reg add HKLM\SOFTWARE\WoW6432Node\Microsoft\.NetFramework\v4.0.30319 /v "SchUseStrongCrypto" /t REG_DWORD /d 1

This will create the value within the necessary key and set the data to 1.