Users customizing attachment security settings must be prevented.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17766	DTOO238 - Outlook	SV-33525r1_rule		Medium

Description
All installed trusted COM addins can be trusted. Exchange Settings for the addins still override if present and this option is selected

STIG	Date
Microsoft Outlook 2010 STIG	2018-04-04

Details

Check Text ( C-34012r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Prevent users from customizing attachment security settings” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook Criteria: If the value DisallowAttachmentCustomization is REG_DWORD = 1, this is not a finding.

Check Text ( C-34012r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Prevent users from customizing attachment security settings” must be set to “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\outlook

Criteria: If the value DisallowAttachmentCustomization is REG_DWORD = 1, this is not a finding.

Fix Text (F-29700r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Prevent users from customizing attachment security settings” to “Enabled”.