Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-17792 | DTOO259 - Office | SV-19014r1_rule | Medium |
Description |
---|
Key Management Server (KMS) was a product that could be integrated with certain versions of Microsoft Exchange Server prior to Exchange 2000 SP2. Users must supply a password to use certificates issued by KMS to sign or decrypt e-mail messages. When Outlook 2007 prompts users for the correct password, they can specify a length of time in minutes for Outlook to cache the password. Users will not be prompted to continually reenter the password during the specified time period. By default, Outlook remembers KMS passwords for 30 minutes, which users can change to any number of minutes up to 300. The longer the period of time a user specifies, the greater the chance that an unauthorized person can use the user's computer to access sensitive information. |
STIG | Date |
---|---|
Microsoft Outlook 2007 | 2015-09-17 |
Check Text ( C-19045r1_chk ) |
---|
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “S/MIME password settings” will be set to “Enabled” and Maximum S/MIME password time will be set to 300. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Cryptography\Defaults\Provider\ Microsoft Exchange Cryptographic Provider v1.0 Criteria: If the value MaxPwdTime is REG_DWORD = 12c (hex) or 300 (decimal), this is not a finding. |
Fix Text (F-17692r1_fix) |
---|
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography “S/MIME password settings” will be set to “Enabled” and Maximum S/MIME password time will be set to 300. |