
Microsoft Outlook 2016 Security Technical Implementation Guide


Overview

Date: 2016-11-02
Finding Count (61): CAT I (High): 0, CAT II (Med): 61, CAT III (Low): 0
STIG Description
The Microsoft Outlook 2016 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-71113 Medium Saved from URL mark to assure Internet zone processing must be enforced.
V-71239 Medium Automatic download content for email in Safe Senders list must be disallowed.
V-71195 Medium S/Mime interoperability with external clients for message handling must be configured.
V-71235 Medium Retrieving of CRL data must be set for online action.
V-71237 Medium External content and pictures in HTML email must be displayed.
V-71231 Medium Send all signed messages as clear signed messages must be configured.
V-71233 Medium Automatic sending s/Mime receipt requests must be disallowed.
V-71159 Medium The ability to display level 1 attachments must be disallowed.
V-71279 Medium Outlook Rich Text options must be set for converting to plain text format.
V-71133 Medium Level of calendar details that a user can publish must be restricted.
V-71131 Medium Publishing to a Web Distributed and Authoring (DAV) server must be prevented.
V-71137 Medium Plain Text Options for outbound email must be configured.
V-71259 Medium Disabling download full text of articles as HTML must be configured.
V-71135 Medium Access restriction settings for published calendars must be configured.
V-71271 Medium Outlook must be configured not to prompt users to choose security settings if default settings fail.
V-71255 Medium Outlook must be configured to force authentication when connecting to an Exchange server.
V-71117 Medium Scripted Window Security must be enforced.
V-71253 Medium RPC encryption between Outlook and Exchange server must be enforced.
V-71273 Medium Outlook minimum encryption key length settings must be set.
V-71277 Medium Check e-mail addresses against addresses of certificates being used must be disallowed.
V-71227 Medium Message formats must be set to use SMime.
V-71119 Medium Add-on Management functionality must be allowed.
V-71157 Medium Outlook Security Mode must be configured to use Group Policy settings.
V-71151 Medium The Add-In Trust Level must be configured.
V-71153 Medium The remember password for internet e-mail accounts must be disabled.
V-71111 Medium Enabling IE Bind to Object functionality must be present.
V-71175 Medium Object Model Prompt behavior for Meeting and Task Responses must be configured.
V-71163 Medium Level 2 file extensions must be blocked and not removed.
V-71173 Medium Object Model Prompt behavior for programmatic access of user address data must be configured.
V-71171 Medium Object Model Prompt behavior for programmatic address books must be configured.
V-71251 Medium Hyperlinks in suspected phishing email messages must be disallowed.
V-71229 Medium Run in FIPS compliant mode must be enforced.
V-71267 Medium Automatically downloading enclosures on RSS must be disallowed.
V-71265 Medium User Entries to Server List must be disallowed.
V-71263 Medium Internet calendar integration in Outlook must be disabled.
V-71155 Medium Users customizing attachment security settings must be prevented.
V-71275 Medium Replies or forwards to signed/encrypted messages must be signed/encrypted.
V-71115 Medium Navigation to URLs embedded in Office products must be blocked.
V-71269 Medium Default message format must be set to use Plain Text.
V-71125 Medium Protection from zone elevation must be enforced.
V-71127 Medium ActiveX Installs must be configured for proper restriction.
V-71121 Medium Links that invoke instances of Internet Explorer from within an Office product must be blocked.
V-71249 Medium Always warn on untrusted macros must be enforced.
V-71123 Medium File Downloads must be configured for proper restrictions.
V-71245 Medium Internet with Safe Zones for Picture Download must be disabled.
V-71247 Medium Intranet with Safe Zones for automatic picture downloads must be configured.
V-71129 Medium Publishing calendars to Office Online must be prevented.
V-71241 Medium Permit download of content from safe zones must be configured.
V-71243 Medium IE Trusted Zones assumed trusted must be blocked.
V-71161 Medium Level 1 file extensions must be blocked and not removed.
V-71145 Medium Outlook Object Model scripts must be disallowed to run for shared folders.
V-71165 Medium Scripts in One-Off Outlook forms must be disallowed.
V-71167 Medium Custom Outlook Object Model (OOM) action execution prompts must be configured.
V-71261 Medium Automatic download of Internet Calendar appointment attachments must be disallowed.
V-71169 Medium Object Model Prompt for programmatic email send behavior must be configured.
V-71179 Medium Object Model Prompt behavior for accessing User Property Formula must be configured.
V-71147 Medium Outlook Object Model scripts must be disallowed to run for public folders.
V-71149 Medium ActiveX One-Off forms must be configured.
V-71193 Medium Trusted add-ins behavior for email must be configured.
V-71109 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-71177 Medium Object Model Prompt behavior for the SaveAs method must be configured.