RSS Feeds must be disallowed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-17808 | DTOO282 | SV-54055r2_rule | ECSC-1 | Medium |
| Description |
|---|
| Users can subscribe to RSS feeds from within Outlook and read RSS items like email messages. If an organization has policies that govern the use of external resources such as RSS feeds, allowing users to subscribe to the RSS feed in Outlook will enable them to violate those policies. |
| STIG | Date |
|---|---|
| Microsoft Outlook 2013 STIG | 2015-12-10 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-46935r2_fix) |
|---|
| NOTE: If the use of RSS feeds integrated into Outlook is a mission need, and the network environment is configured with the following criteria: 1. Both the website issuing the RSS feeds and the Outlook email client must have an available network path to each other. 2. Neither the website issuing the RSS feeds nor the Outlook email client has a network path to the public Internet. Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Account Settings -> RSS Feeds "Turn off RSS feature" to "Enabled". For all environments where the Outlook email clients have access to public Internet websites, RSS integration into Outlook is not permitted, and should be configured as follows: ================================= Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Account Settings -> RSS Feeds "Turn off RSS feature" to "Enabled". |