Microsoft Outlook 2016 STIG


Overview

Date: 2016-07-28
Finding Count (58): CAT I (High): 0, CAT II (Med): 58, CAT III (Low): 0

STIG Description
The Microsoft Outlook 2016 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-71193 Medium Trusted add-ins behavior for email must be configured.
V-71239 Medium Automatic download content for email in Safe Senders list must be disallowed.
V-71195 Medium S/Mime interoperability with external clients for message handling must be configured.
V-71235 Medium Retrieving of CRL data must be set for online action.
V-71237 Medium External content and pictures in HTML email must be displayed.
V-71231 Medium Send all signed messages as clear signed messages must be configured.
V-71233 Medium Automatic sending s/Mime receipt requests must be disallowed.
V-71115 Medium Navigation to URLs embedded in Office products must be blocked.
V-71133 Medium Level of calendar details that a user can publish must be restricted.
V-71229 Medium Run in FIPS compliant mode must be enforced.
V-71259 Medium Disabling download full text of articles as HTML must be configured.
V-71135 Medium Access restriction settings for published calendars must be configured.
V-71271 Medium Outlook must be configured not to prompt users to choose security settings if default settings fail.
V-71255 Medium Outlook must be configured to force authentication when connecting to an Exchange server.
V-71171 Medium Object Model Prompt behavior for programmatic address books must be configured.
V-71253 Medium RPC encryption between Outlook and Exchange server must be enforced.
V-71273 Medium Outlook minimum encryption key length settings must be set.
V-71251 Medium Hyperlinks in suspected phishing email messages must be disallowed.
V-71155 Medium Users customizing attachment security settings must be prevented.
V-71157 Medium Outlook Security Mode must be configured to use Group Policy settings.
V-71151 Medium The Add-In Trust Level must be configured.
V-71179 Medium Object Model Prompt behavior for accessing User Property Formula must be configured.
V-71111 Medium The Internet Explorer Bind to Object functionality must be enabled.
V-71113 Medium The Saved from URL mark must be selected to enforce Internet zone processing.
V-71123 Medium File Downloads must be configured for proper restrictions.
V-71159 Medium The ability to display level 1 attachments must be disallowed.
V-71117 Medium Scripted Window Security must be enforced.
V-71277 Medium Check e-mail addresses against addresses of certificates being used must be disallowed.
V-71267 Medium Automatically downloading enclosures on RSS must be disallowed.
V-71265 Medium User Entries to Server List must be disallowed.
V-71263 Medium Internet calendar integration in Outlook must be disabled.
V-71261 Medium Automatic download of Internet Calendar appointment attachments must be disallowed.
V-71275 Medium Replies or forwards to signed/encrypted messages must be signed/encrypted.
V-71227 Medium Message formats must be set to use SMime.
V-71125 Medium Protection from zone elevation must be enforced.
V-71127 Medium ActiveX installs must be configured for proper restrictions.
V-71121 Medium Links that invoke instances of Internet Explorer from within an Office product must be blocked.
V-71249 Medium Always warn on untrusted macros must be enforced.
V-71173 Medium Object Model Prompt behavior for programmatic access of user address data must be configured.
V-71245 Medium Internet with Safe Zones for Picture Download must be disabled.
V-71247 Medium Intranet with Safe Zones for automatic picture downloads must be configured.
V-71129 Medium Publishing calendars to Office Online must be prevented.
V-71241 Medium Permit download of content from safe zones must be configured.
V-71243 Medium IE Trusted Zones assumed trusted must be blocked.
V-71161 Medium Level 1 file extensions must be blocked and not removed.
V-71145 Medium Outlook Object Model scripts must be disallowed to run for shared folders.
V-71165 Medium Scripts in One-Off Outlook forms must be disallowed.
V-71119 Medium Add-on Management functionality must be allowed.
V-71167 Medium Custom Outlook Object Model (OOM) action execution prompts must be configured.
V-71169 Medium Object Model Prompt for programmatic email send behavior must be configured.
V-71153 Medium The remember password for internet e-mail accounts must be disabled.
V-71175 Medium Object Model Prompt behavior for Meeting and Task Responses must be configured.
V-71149 Medium ActiveX One-Off forms must be configured.
V-71147 Medium Outlook Object Model scripts must be disallowed to run for public folders.
V-71163 Medium Level 2 file extensions must be blocked and not removed.
V-71109 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-71131 Medium Publishing to a Web Distributed and Authoring (DAV) server must be prevented.
V-71177 Medium Object Model Prompt behavior for the SaveAs method must be configured.