S/Mime interoperability with external clients for message handling must be configured.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-71195	DTOO257	SV-85819r1_rule		Medium

Description
This policy setting controls whether Outlook decodes encrypted messages itself or passes them to an external program for processing. If you enable this policy setting, you can choose from three options for configuring external S/MIME clients:- Handle internally. Outlook decrypts all S/MIME messages itself.- Handle externally. Outlook hands all S/MIME messages off to the configured external program.- Handle if possible. Outlook attempts to decrypt all S/MIME messages itself. If it cannot decrypt a message, Outlook hands the message off to the configured external program. This option is the default configuration. If you disable or do not configure this policy setting, the behavior is the equivalent of selecting Enabled: Handle if possible.

Description

This policy setting controls whether Outlook decodes encrypted messages itself or passes them to an external program for processing. If you enable this policy setting, you can choose from three options for configuring external S/MIME clients:- Handle internally. Outlook decrypts all S/MIME messages itself.- Handle externally. Outlook hands all S/MIME messages off to the configured external program.- Handle if possible. Outlook attempts to decrypt all S/MIME messages itself. If it cannot decrypt a message, Outlook hands the message off to the configured external program. This option is the default configuration. If you disable or do not configure this policy setting, the behavior is the equivalent of selecting Enabled: Handle if possible.

STIG	Date
Microsoft Outlook 2016 Security Technical Implementation Guide	2017-05-08

Details

Check Text ( C-71611r2_chk )
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Cryptography "S/MIME interoperability with external clients" is set to "Enabled (Handle internally)". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security Criteria: If the value ExternalSMime is REG_DWORD = 0, this is not a finding.

Check Text ( C-71611r2_chk )

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Cryptography "S/MIME interoperability with external clients" is set to "Enabled (Handle internally)".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security

Criteria: If the value ExternalSMime is REG_DWORD = 0, this is not a finding.

Fix Text (F-77527r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Cryptography "S/MIME interoperability with external clients" to "Enabled (Handle internally)".