| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-17677 | DTOO263 - Outlook | SV-18850r1_rule | ECSC-1 | Medium |

| Description |
|---|
| By default, when a user digitally signs a message, Outlook 2007 compares the user's e-mail address with the certificate used for signing. The user's e-mail address must appear in either the Subject field or the Subject Alternative Name field of the certificate, or Outlook will not allow the user to sign the message with that certificate. If this configuration is changed, users can send messages signed with certificates that do not match their e-mail addresses, which could cause problems when the recipient attempts to read the message or verify the signature. |

| STIG | Date |
|---|---|
| Microsoft Outlook 2007 | 2015-09-17 |

| Check Text (C-18948r1_chk) |
|---|
| The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “Do not check e-mail address against address of certificates being used” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: `HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security`. Criteria: If the value `SupressNameChecks` is REG_DWORD = 1, this is not a finding. |

| Fix Text (F-17575r1_fix) |
|---|
| The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “Do not check e-mail address against address of certificates being used” will be set to “Enabled”. |
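An added PowerShell audit for this finding (example code, not part of the STIG; the function names Test-DTOO263 and Set-DTOO263 are this example's own). It evaluates the registry criteria from the Check Text, treating a missing key, a missing value or a wrong value type as a finding, and can write the value the Fix Text policy setting produces in the user hive:

```powershell
# Added example, not part of the STIG text: audit the DTOO263 / V-17677
# registry criteria for the current user and, on request, write the value
# that the "Enabled" policy setting from the Fix Text produces.
$KeyPath   = 'HKCU:\Software\Policies\Microsoft\Office\12.0\Outlook\Security'
$ValueName = 'SupressNameChecks'   # spelling as used by the Office policy template
$Expected  = 1                     # Check Text: REG_DWORD = 1 is not a finding

function Test-DTOO263 {
    # Returns Status (NotAFinding | Open) plus the evidence observed.
    if (-not (Test-Path -Path $KeyPath)) {
        return [pscustomobject]@{ Status = 'Open'; Evidence = "key missing: $KeyPath" }
    }
    $key = Get-Item -Path $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) {
        return [pscustomobject]@{ Status = 'Open'; Evidence = "$ValueName not present" }
    }
    $kind   = $key.GetValueKind($ValueName)   # DWord, String, ...
    $actual = $key.GetValue($ValueName)
    # Both the type (REG_DWORD) and the value must match; a REG_SZ "1" left
    # behind by hand editing is not what the policy template writes.
    if ($kind -eq 'DWord' -and $actual -eq $Expected) {
        return [pscustomobject]@{ Status = 'NotAFinding'; Evidence = "$ValueName ($kind) = $actual" }
    }
    return [pscustomobject]@{ Status = 'Open'; Evidence = "$ValueName ($kind) = $actual, expected REG_DWORD $Expected" }
}

function Set-DTOO263 {
    # Writes the registry value the Fix Text policy setting produces. In a
    # domain, set it through Group Policy instead: a locally written value
    # under a GPO-managed key is overwritten at the next policy refresh.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "set REG_DWORD $Expected")) {
        New-Item -Path $KeyPath -Force | Out-Null
        New-ItemProperty -Path $KeyPath -Name $ValueName -Value $Expected `
            -PropertyType DWord -Force | Out-Null
    }
}

$result = Test-DTOO263
Write-Output ('V-17677 (DTOO263): {0} - {1}' -f $result.Status, $result.Evidence)
```

Run `Set-DTOO263 -WhatIf` first to see what would be written; the audit reads only the current user's hive, so run it in the context of each user being assessed.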