STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide

V-221204

CAT II (Medium)

Exchange must have accepted domains configured.

Rule ID

SV-221204r960801_rule

STIG

Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide

Version

V2R6

CCIs

CCI-001368

Discussion

Exchange may be configured to accept email for multiple domain names. This setting identifies the domains for which the server will accept mail. This check verifies the email server is not accepting email for unauthorized domains.

Check Content

Review the Email Domain Security Plan (EDSP).

Determine the Accepted Domain values.  

Open the Exchange Management Shell and enter the following command:
 
Get-AcceptedDomain | Select Name, DomainName, Identity, Default

If the value of "Default" is not set to "True", this is a finding.

or

If the "Default" value for "AcceptedDomains" is set to another value other than "True" and has signoff and risk acceptance in the EDSP, this is not a finding.

Fix Text

Update the EDSP.

Open the Exchange Management Shell and enter the following command:
 
Set-AcceptedDomain -Identity <'IdentityName'> -MakeDefault $true

Note: The <IdentityName> value must be in single quotes.