U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Microsoft Exchange Server 2013 Y21M12 Checklist Details (Checklist Revisions)

Supporting Resources:


Target CPE Name
Microsoft Exchange Server 2013 cpe:/a:microsoft:exchange_server:2013 (View CVEs)

Checklist Highlights

Checklist Name:
Microsoft Exchange Server 2013
Checklist ID:
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

The Microsoft Exchange 2013 Server Security Technical Implementation Guides, Edge Transport, Client Access, Mailbox, and Email Services Policy, are published as tools to improve the security of Department of Defense (DoD) information systems. These documents are meant for use in conjunction with the Windows Operating System (OS) STIG and any appropriate STIG(s) applicable to the system.

Checklist Role:

  • Enterprise Email Server

Known Issues:

Not Provided

Target Audience:

This document is a requirement for all DoD-administered systems and all systems connected to DoD networks, as addressed in the technology section. These requirements are designed to assist System Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not Provided

Regulatory Compliance:

DoD Directive (DoDD) 8500.1


Not Provided


Not Provided

Product Support:


Point of Contact:



Not Provided


Not Provided

Change History:

moved to FINAL - 9/23/2016
Updated resource - 01/27/2017
Updated to FINAL - 03/08/2017
Updated Microsoft Exchange 2013 Mailbox STIG to Ver 1, Rel 2 - 04/24/2017
no change
Microsoft Exchange Server 2013
Updated URL to reflect change to the DISA website - http --> https
Updated MS Edge resource to Version 1, Release 3 - 10/25/18
Updated to FINAL - 11/26/18
updated to Version 1, Release 2 - 1/22/19
Updated to FINAL - 2/19/19
updated 2 resource links - edge transport - v1,r5 and mailbox - v1,r4 - 4/30/19
Updated URLs - 6/5/19
updated URLs - 11/1/19
updated to V1, R6 - removed reference link per DISA - 1/17/2020
updated URLs per DISA - 1/21/2020
Updated resource per DISA - 1/27/21
updated URLs - 1/14/2022


URL Description


Reference URL Description

NIST checklist record last modified on 01/14/2022