Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Enable RPC encryption between Outook and Exchange server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-17615 | DTOO279 - Outlook | SV-18752r1_rule | ECSC-1 | Medium |
| Description |
|---|
| By default, the remote procedure call (RPC) communication channel between an Outlook 2007 client computer and an Exchange server is not encrypted. If a malicious person is able to eavesdrop on the network traffic between Outlook and the server, they might be able to access confidential information. |
| STIG | Date |
|---|---|
| Microsoft Outlook 2007 | 2014-10-03 |
Details
| Check Text ( C-18912r1_chk ) |
|---|
| The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools \ Account Settings -> Exchange “Enable RPC encryption” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\RPC Criteria: If the value EnableRPCEncryption is REG_DWORD = 1, this is not a finding. |
| Fix Text (F-17529r1_fix) |
|---|
| The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools \ Account Settings -> Exchange “Enable RPC encryption” will be set to “Enabled”. |