Exchange software must be monitored for unauthorized changes.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-228402	SRG-APP-000381	EX16-MB-000590	SV-228402r928977_rule	2023-12-18	2

Description
Monitoring software files for changes against a baseline on a regular basis may help detect the possible introduction of malicious code on a system.

ℹ️ Check
Review the Email Domain Security Plan (EDSP). Determine whether the site monitors system files (e.g., .exe, .bat, .com, .cmd, and *.dll) on servers for unauthorized changes against a baseline on a weekly basis. If software files are not monitored for unauthorized changes, this is a finding.

✔️ Fix
Update the EDSP to specify that the organization monitors system files on servers for unauthorized changes against a baseline on a weekly basis or verify that this information is documented by the organization. Monitor the software files (e.g., .exe, .bat, .com, .cmd, and *.dll) on Exchange servers for unauthorized changes against a baseline on a weekly basis. Note: This can be done with the use of various monitoring tools.

✔️ Fix

Update the EDSP to specify that the organization monitors system files on servers for unauthorized changes against a baseline on a weekly basis or verify that this information is documented by the organization. Monitor the software files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) on Exchange servers for unauthorized changes against a baseline on a weekly basis. Note: This can be done with the use of various monitoring tools.