Configure S/Mime password setting - default S/Mime password time

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17791	DTOO258 - Outlook	SV-19012r1_rule	ECSC-1	Medium

Description
Key Management Server (KMS) was a product that could be integrated with certain versions of Microsoft Exchange Server prior to Exchange 2000 SP2. Users must supply a password to use certificates issued by KMS to sign or decrypt e-mail messages. When Outlook 2007 prompts users for the correct password, they can specify a length of time in minutes for Outlook to cache the password. Users will not be prompted to continually reenter the password during the specified time period. By default, Outlook remembers KMS passwords for 30 minutes, which users can change to any number of minutes up to 300. The longer the period of time a user specifies, the greater the chance that an unauthorized person can use the user's computer to access sensitive information.

Description

Key Management Server (KMS) was a product that could be integrated with certain versions of Microsoft Exchange Server prior to Exchange 2000 SP2. Users must supply a password to use certificates issued by KMS to sign or decrypt e-mail messages. When Outlook 2007 prompts users for the correct password, they can specify a length of time in minutes for Outlook to cache the password. Users will not be prompted to continually reenter the password during the specified time period. By default, Outlook remembers KMS passwords for 30 minutes, which users can change to any number of minutes up to 300. The longer the period of time a user specifies, the greater the chance that an unauthorized person can use the user's computer to access sensitive information.

STIG	Date
Microsoft Outlook 2007	2015-09-17

Details

Check Text ( C-19044r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “S/MIME password settings” will be set to “Enabled” and Default S/MIME password time will be set to 30. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Cryptography\Defaults\Provider\ Microsoft Exchange Cryptographic Provider v1.0 Criteria: If the value DefPwdTime is REG_DWORD = 1e (hex) or 30 (decimal), this is not a finding.

Check Text ( C-19044r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “S/MIME password settings” will be set to “Enabled” and Default S/MIME password time will be set to 30.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Cryptography\Defaults\Provider\ Microsoft Exchange Cryptographic Provider v1.0

Criteria: If the value DefPwdTime is REG_DWORD = 1e (hex) or 30 (decimal), this is not a finding.

Fix Text (F-17691r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “S/MIME password settings” will be set to “Enabled” and Default S/MIME password time will be set to 30.