UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Missing Root Certificates warning must be enforced.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17756 DTOO268 SV-54033r1_rule Medium
Description
When Outlook accesses a certificate, it validates that it can trust the certificate by examining the root certificate of the issuing CA. If the root certificate can be trusted, then certificates issued by the CA can also be trusted. If Outlook cannot find the root certificate, it cannot validate that any certificates issued by that CA can be trusted. An attacker may compromise a root certificate and then remove the certificate in an attempt to conceal the attack. By default, Outlook displays a warning message when a CRL is not available.
STIG Date
Microsoft Outlook 2013 STIG 2017-03-17

Details

Check Text ( C-47980r1_chk )
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Cryptography -> Signature Status dialog box "Missing root certificates" is set to "Enabled (Error)".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security

Criteria: If the value SigStatusNoTrustDecision is REG_DWORD = 2, this is not a finding.
Fix Text (F-46918r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Cryptography -> Signature Status dialog box "Missing root certificates" to "Enabled (Error)".