UCF STIG Viewer Logo

Microsoft Outlook 2010 STIG


Date Finding Count (84)
2018-04-04 CAT I (High): 0 CAT II (Med): 84 CAT III (Low): 0
STIG Description
Settings in this guidance assume a complete installation of Microsoft Office 2010 on the Windows 7 Platform. Registry paths and values identified in each control assume the use of Group Policy Administrative Templates. Installations not using Group Policies to administer Microsoft Office products may observe alternate registry paths for stored configuration values.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-17184 Medium Links that invoke instances of IE from within an Office product must be blocked.
V-17183 Medium Navigation to URL's embedded in Office products must be blocked.
V-26633 Medium Outlook Rich Text options must be set for converting to plain text format.
V-17575 Medium Trusted add-ins behavior for eMail must be configured.
V-17573 Medium Object Model Prompt behavior for Meeting and Task Responses must be configured.
V-17675 Medium Outlook Object Model scripts must be disallowed to run for public folders.
V-17777 Medium Upload method for publishing calendars to Office Online must be restricted.
V-17674 Medium Folders in non-default stores, set as folder home pages, must be disallowed.
V-17763 Medium Publishing calendars to Office Online must be prevented.
V-17601 Medium Level 1 attachment close behaviors must be configured.
V-17602 Medium Prompting behavior for Level 1 attachments on sending must be configured.
V-17760 Medium Outlook Security Mode must be configured to use Group Policy settings.
V-17587 Medium The "remember password" for internet e-mail accounts must be disabled.
V-17586 Medium Outlook Dial-up options to Warn user before allowing switch in dial-up access must be configured.
V-17585 Medium Dial-up and Hang up Options for Outlook must be configured.
V-17807 Medium Trust EMail from senders in receiver's contact list must be enforced.
V-17803 Medium Warning about invalid signatures must be enforced.
V-17734 Medium Authentication with Exchange Server must be required.
V-17733 Medium Attachments using generated name for secure temporary folders must be configured.
V-17572 Medium Object Model Prompt behavior for programmatic access of user address data must be configured.
V-17615 Medium RPC encryption between Outlook and Exchange server must be enforced.
V-17624 Medium Junk Mail UI must be configured.
V-26702 Medium Check e-mail addresses against addresses of certificates being used must be disallowed.
V-17570 Medium Object Model Prompt behavior for accessing User Property Formula must be configured.
V-17173 Medium Disable user name and password syntax from being used in URLs
V-17574 Medium Object Model Prompt for programmatic email send behavior must be configured.
V-17174 Medium Enabling IE Bind to Object functionality must be present.
V-17175 Medium Saved from URL mark to assure Internet zone processing must be enforced.
V-17778 Medium Retrieving of CRL data must be set for online action.
V-17546 Medium Access restriction settings for published calendars must be configured.
V-17562 Medium Scripts in One-Off Outlook forms must be disallowed.
V-17564 Medium IE Trusted Zones assumed 'trusted' must be blocked.
V-17787 Medium Run in FIPS compliant mode must be enforced.
V-17566 Medium The Add-In Trust Level must be configured.
V-17569 Medium Action to demote an EMail Level 1 attachment to Level 2 must be configured.
V-17568 Medium Object Model Prompt behavior for programmatic address books must be configured.
V-17755 Medium Message formats must be set to use SMime.
V-17678 Medium Do not include Internet Calendar Integration in Outlook must be enforced.
V-17571 Medium Object Model Prompt behavior for the SaveAs method must be configured.
V-17808 Medium RSS Feeds must be disallowed.
V-17634 Medium Intranet with Safe Zones for automatic picture downloads must be configured.
V-26635 Medium Outlook must be configured not to prompt users to choose security settings if default settings fail.
V-17771 Medium Read signed email as plain text must be enforced.
V-26637 Medium Replies or forwards to signed/encrypted messages must be signed/encrypted.
V-26636 Medium Outlook minimum encryption key length settings must be set.
V-17774 Medium Level 1 file extensions must be blocked and not removed.
V-17775 Medium Level 2 file extensions must be blocked and not removed.
V-17776 Medium Level of calendar details that a user can publish must be restricted.
V-26632 Medium Automatically downloading enclosures on RSS must be disallowed.
V-17806 Medium RSS feed synchronization with Common Feed List must be disallowed.
V-17753 Medium Outlook must be enforced as the default email, calendar, and contacts program.
V-26590 Medium Data Execution Prevention must be enforced.
V-17802 Medium Custom Outlook Object Model (OOM) action execution prompts must be configured.
V-17630 Medium Internet with Safe Zones for Picture Download must be disabled.
V-17610 Medium Disabling download full text of articles as HTML must be configured.
V-17944 Medium User Entries to Server List must be disallowed.
V-17770 Medium Read EMail as plain text must be enforced.
V-17613 Medium Hyperlinks in suspected phishing e-mail messages must be disallowed.
V-17738 Medium Automatic download of Internet Calendar appointment attachments must be disallowed.
V-17559 Medium Active X One-Off forms must be configured.
V-17766 Medium Users customizing attachment security settings must be prevented.
V-17739 Medium Automatic download content for email in Safe Senders list must be disallowed.
V-26634 Medium Default message format must be set to use Plain Text.
V-17671 Medium The ability to display level 1 attachments must be disallowed.
V-17558 Medium Recipients of sent email must be unable to be added to the safe sender's list.
V-17736 Medium Automatically configure user profile based on Active Directory primary SMTP address must be enforced.
V-17672 Medium External content and pictures in HTML eMail must be displayed.
V-17756 Medium Missing Root Certificates warning must be enforced.
V-17761 Medium Plain Text Options for outbound email must be configured.
V-17676 Medium Outlook Object Model scripts must be disallowed to run for shared folders.
V-41493 Medium Text in Outlook that represents Internet and network paths must not be automatically turned into hyperlinks.
V-17470 Medium Permit download of content from safe zones must be configured.
V-26588 Medium Scripted Window Security must be enforced.
V-17790 Medium S/Mime interoperability with external clients for message handling must be configured.
V-17798 Medium Always warn on untrusted macros must be enforced.
V-17800 Medium All signed messages as clear signed messages must be configured.
V-17812 Medium Dragging Unicode eMail messages to file system must be disallowed.
V-26586 Medium ActiveX Installs must be configured for proper restriction.
V-17762 Medium Publishing to a Web Distributed and Authoring (DAV) server must be prevented.
V-17795 Medium Automatic sending s/Mime receipt requests must be disallowed.
V-26587 Medium File Downloads must be configured for proper restrictions.
V-17673 Medium Digital signatures must be allowed.
V-26585 Medium Protection from zone elevation must be enforced.
V-26584 Medium Add-on Management functionality must be allowed.