Default message format must be set to use Plain Text.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-71269	DTOO314	SV-85893r1_rule		Medium

Description
Outlook uses HTML as the default email format. HTML format poses a security risk by embedding information into the email itself, which could allow for release of sensitive information. If a user attempted to insert an HTML link into an email message, the link itself may direct to a malicious website. By sending in that format, the recipient would be subject to becoming infected by the malicious website.

Description

Outlook uses HTML as the default email format. HTML format poses a security risk by embedding information into the email itself, which could allow for release of sensitive information. If a user attempted to insert an HTML link into an email message, the link itself may direct to a malicious website. By sending in that format, the recipient would be subject to becoming infected by the malicious website.

STIG	Date
Microsoft Outlook 2016 STIG	2016-12-02

Details

Check Text ( None )
None

Fix Text (F-46942r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Outlook Options -> Mail Format -> Internet Formatting -> Message Format "Set message format" to "Enabled: Plain Text".