STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide

V-228359

CAT III (Low)

Exchange Audit record parameters must be set.

Rule ID

SV-228359r879559_rule

STIG

Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide

Version

V2R6

CCIs

CCI-000169

Discussion

Log files help establish a history of activities and can be useful in detecting attack attempts. This item declares the fields that must be available in the audit log file in order to adequately research events that are logged. Audit records should include the following fields to supply useful event accounting: Object modified, Cmdlet name, Cmdlet parameters, Modified parameters, Caller, Succeeded, and Originating server.

Check Content

Open the Exchange Management Shell and enter the following command:

Get-AdminAuditLogConfig | Select AdminAuditLogParameters

Note: The value of "*" indicates all parameters are being audited.

If the value of "AdminAuditLogParameters" is not set to "*", this is a finding.

Fix Text

Open the Exchange Management Shell and enter the following command:

Set-AdminAuditLogConfig -AdminAuditLogParameters *