Default message format must be set to use Plain Text.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-26634	DTOO314	SV-54062r1_rule	ECSC-1	Medium

Description
Outlook uses HTML as the default email format. HTML format poses a security risk by embedding information into the email itself, which could allow for release of sensitive information. If a user attempted to insert an HTML link into an email message, the link itself may direct to a malicious website. By sending in that format, the recipient would be subject to becoming infected by the malicious website.

Description

Outlook uses HTML as the default email format. HTML format poses a security risk by embedding information into the email itself, which could allow for release of sensitive information. If a user attempted to insert an HTML link into an email message, the link itself may direct to a malicious website. By sending in that format, the recipient would be subject to becoming infected by the malicious website.

STIG	Date
Microsoft Outlook 2013 STIG	2015-07-24

Details

Check Text ( None )
None

Fix Text (F-46942r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Mail Format -> Internet Formatting -> Message Format "Set message format" to "Enabled: Plain Text".