UCF STIG Viewer Logo

RPC encryption between Outlook and Exchange server must be enforced.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17615 DTOO279 - Outlook SV-33493r1_rule Medium
Description
The remote procedure call (RPC) communication channel between an Outlook client computer and an Exchange server is not encrypted. If a malicious person is able to eavesdrop on the network traffic between Outlook and the server, they might be able to access confidential information.
STIG Date
Microsoft Outlook 2010 STIG 2018-04-04

Details

Check Text ( C-33976r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange “Enable RPC encryption” must be set to “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\outlook\rpc

Criteria: If the value EnableRPCEncryption is REG_DWORD = 1, this is not a finding.
Fix Text (F-29660r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange “Enable RPC encryption” to “Enabled”.