Do not check eMail address against address of certificates being used

Do not check eMail address against address of certificates being used - Outlook

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17677	DTOO263 - Outlook	SV-18850r1_rule	ECSC-1	Medium

Description
By default, when a user digitally signs a message, Outlook 2007 compares the user's e-mail address with the certificate used for signing. The user's e-mail address must appear in either the Subject field or the Subject Alternative Name field of the certificate, or Outlook will not allow the user to sign the message with that certificate. If this configuration is changed, users can send messages signed with certificates that do not match their e-mail addresses, which could cause problems when the recipient attempts to read the message or verify the signature.

Description

By default, when a user digitally signs a message, Outlook 2007 compares the user's e-mail address with the certificate used for signing. The user's e-mail address must appear in either the Subject field or the Subject Alternative Name field of the certificate, or Outlook will not allow the user to sign the message with that certificate. If this configuration is changed, users can send messages signed with certificates that do not match their e-mail addresses, which could cause problems when the recipient attempts to read the message or verify the signature.

STIG	Date
Microsoft Outlook 2007	2014-10-03

Details

Check Text ( C-18948r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “Do not check e-mail address against address of certificates being used” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security Criteria: If the value SupressNameChecks is REG_DWORD = 1, this is not a finding.

Check Text ( C-18948r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “Do not check e-mail address against address of certificates being used” will be set to “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security

Criteria: If the value SupressNameChecks is REG_DWORD = 1, this is not a finding.

Fix Text (F-17575r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “Do not check e-mail address against address of certificates being used” will be set to “Enabled”.