STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide

V-228355

CAT II (Medium)

Exchange servers must use approved DoD certificates.

Rule ID

SV-228355r879530_rule

STIG

Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide

Version

V2R6

CCIs

CCI-000213

Discussion

Server certificates are required for many security features in Exchange; without them, the server cannot engage in many forms of secure communication. Failure to implement valid certificates makes it virtually impossible to secure Exchange's communications.

Check Content

Open the Exchange Management Shell and enter the following command:

Get-ExchangeCertificate | Select CertificateDomains, issuer

If the value of "CertificateDomains" does not indicate it is issued by the DoD, this is a finding.

Fix Text

Remove the non-DoD certificate and import the correct DoD certificates.