UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Configure S/Mime password setting - default S/Mime password time


Overview

Finding ID Version Rule ID IA Controls Severity
V-17791 DTOO258 - Outlook SV-19012r1_rule ECSC-1 Medium
Description
Key Management Server (KMS) was a product that could be integrated with certain versions of Microsoft Exchange Server prior to Exchange 2000 SP2. Users must supply a password to use certificates issued by KMS to sign or decrypt e-mail messages. When Outlook 2007 prompts users for the correct password, they can specify a length of time in minutes for Outlook to cache the password. Users will not be prompted to continually reenter the password during the specified time period. By default, Outlook remembers KMS passwords for 30 minutes, which users can change to any number of minutes up to 300. The longer the period of time a user specifies, the greater the chance that an unauthorized person can use the user's computer to access sensitive information.
STIG Date
Microsoft Outlook 2007 2015-06-11

Details

Check Text ( C-19044r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “S/MIME password settings” will be set to “Enabled” and Default S/MIME password time will be set to 30.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Cryptography\Defaults\Provider\ Microsoft Exchange Cryptographic Provider v1.0

Criteria: If the value DefPwdTime is REG_DWORD = 1e (hex) or 30 (decimal), this is not a finding.
Fix Text (F-17691r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “S/MIME password settings” will be set to “Enabled” and Default S/MIME password time will be set to 30.