UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Outlook 2013 STIG


Overview

Date Finding Count (82)
2016-06-06 CAT I (High): 0 CAT II (Med): 82 CAT III (Low): 0
STIG Description
The Microsoft Outlook 2013 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-17184 Medium Links that invoke instances of Internet Explorer from within an Office product must be blocked.
V-17183 Medium Navigation to URLs embedded in Office products must be blocked.
V-26633 Medium Outlook Rich Text options must be set for converting to plain text format.
V-17573 Medium Object Model Prompt behavior for Meeting and Task Responses must be configured.
V-17675 Medium Outlook Object Model scripts must be disallowed to run for public folders.
V-17777 Medium Upload method for publishing calendars to Office Online must be restricted.
V-17674 Medium Folders in non-default stores, set as folder home pages, must be disallowed.
V-17763 Medium Publishing calendars to Office Online must be prevented.
V-17601 Medium The prompt to display level 1 attachments must be disallowed when closing an item.
V-17602 Medium The prompt to display level 1 attachments must be disallowed when sending an item.
V-17760 Medium Outlook Security Mode must be configured to use Group Policy settings.
V-17587 Medium The remember password for internet e-mail accounts must be disabled.
V-17766 Medium Users customizing attachment security settings must be prevented.
V-26625 Medium Outlook 2013 application must be prevented from loading any custom user interface (UI) code.
V-17803 Medium Warning about invalid signatures must be enforced.
V-17734 Medium Outlook must be configured to force authentication when connecting to an Exchange server.
V-17733 Medium Attachments using generated name for secure temporary folders must be configured.
V-17572 Medium Object Model Prompt behavior for programmatic access of user address data must be configured.
V-17615 Medium RPC encryption between Outlook and Exchange server must be enforced.
V-17624 Medium Junk Mail UI must be configured.
V-26702 Medium Check e-mail addresses against addresses of certificates being used must be disallowed.
V-17570 Medium Object Model Prompt behavior for accessing User Property Formula must be configured.
V-17173 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-17574 Medium Object Model Prompt for programmatic email send behavior must be configured.
V-17174 Medium The Internet Explorer Bind to Object functionality must be enabled.
V-17175 Medium The Saved from URL mark must be selected to enforce Internet zone processing.
V-17778 Medium Retrieving of CRL data must be set for online action.
V-17546 Medium Access restriction settings for published calendars must be configured.
V-17562 Medium Scripts in One-Off Outlook forms must be disallowed.
V-17564 Medium IE Trusted Zones assumed trusted must be blocked.
V-17787 Medium Run in FIPS compliant mode must be enforced.
V-17566 Medium The Add-In Trust Level must be configured.
V-17569 Medium Action to demote an EMail Level 1 attachment to Level 2 must be configured.
V-17568 Medium Object Model Prompt behavior for programmatic address books must be configured.
V-17755 Medium Message formats must be set to use SMime.
V-17807 Medium Trust EMail from senders in receivers contact list must be enforced.
V-17571 Medium Object Model Prompt behavior for the SaveAs method must be configured.
V-17678 Medium Internet calendar integration in Outlook must be disabled.
V-17634 Medium Intranet with Safe Zones for automatic picture downloads must be configured.
V-26635 Medium Outlook must be configured not to prompt users to choose security settings if default settings fail.
V-17771 Medium Read signed email as plain text must be enforced.
V-26637 Medium Replies or forwards to signed/encrypted messages must be signed/encrypted.
V-26636 Medium Outlook minimum encryption key length settings must be set.
V-17774 Medium Level 1 file extensions must be blocked and not removed.
V-17775 Medium Level 2 file extensions must be blocked and not removed.
V-17776 Medium Level of calendar details that a user can publish must be restricted.
V-26632 Medium Automatically downloading enclosures on RSS must be disallowed.
V-17806 Medium RSS feed synchronization with Common Feed List must be disallowed.
V-17753 Medium Outlook must be enforced as the default email, calendar, and contacts program.
V-17802 Medium Custom Outlook Object Model (OOM) action execution prompts must be configured.
V-17630 Medium Internet with Safe Zones for Picture Download must be disabled.
V-17610 Medium Disabling download full text of articles as HTML must be configured.
V-17944 Medium User Entries to Server List must be disallowed.
V-17770 Medium Read EMail as plain text must be enforced.
V-17613 Medium Hyperlinks in suspected phishing email messages must be disallowed.
V-17738 Medium Automatic download of Internet Calendar appointment attachments must be disallowed.
V-17575 Medium Trusted add-ins behavior for email must be configured.
V-17808 Medium RSS Feeds must be disallowed.
V-17739 Medium Automatic download content for email in Safe Senders list must be disallowed.
V-26634 Medium Default message format must be set to use Plain Text.
V-17671 Medium The ability to display level 1 attachments must be disallowed.
V-17558 Medium Recipients of sent email must be unable to be added to the safe senders list.
V-17673 Medium The ability to add signatures to email messages must be allowed.
V-17672 Medium External content and pictures in HTML email must be displayed.
V-17756 Medium Missing Root Certificates warning must be enforced.
V-17761 Medium Plain Text Options for outbound email must be configured.
V-17676 Medium Outlook Object Model scripts must be disallowed to run for shared folders.
V-41492 Medium The use of the weather bar in Outlook must be disabled
V-41493 Medium Text in Outlook that represents Internet and network paths must not be automatically turned into hyperlinks.
V-17470 Medium Permit download of content from safe zones must be configured.
V-26588 Medium Scripted Window Security must be enforced.
V-17790 Medium S/Mime interoperability with external clients for message handling must be configured.
V-17798 Medium Always warn on untrusted macros must be enforced.
V-17800 Medium Send all signed messages as clear signed messages must be configured.
V-17812 Medium Dragging Unicode email messages to file system must be disallowed.
V-26586 Medium ActiveX installs must be configured for proper restrictions.
V-17762 Medium Publishing to a Web Distributed and Authoring (DAV) server must be prevented.
V-17795 Medium Automatic sending s/Mime receipt requests must be disallowed.
V-26587 Medium File Downloads must be configured for proper restrictions.
V-17559 Medium ActiveX One-Off forms must be configured.
V-26585 Medium Protection from zone elevation must be enforced.
V-26584 Medium Add-on Management functionality must be allowed.