Microsoft Outlook 2010 STIG

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Disable user name and password syntax from being used in URLs

    The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com. A malicious user might use this URL syntax to ...
    Rule Medium Severity
  • Permit download of content from safe zones must be configured.

    By default, Outlook automatically downloads content from sites that are considered "safe," as defined in the Security tab of the Internet Options dialog box in Internet Explorer. This configuration...
    Rule Medium Severity
  • Access restriction settings for published calendars must be configured.

    Users can share their calendars with others by publishing them to the Microsoft Office Online Calendar Sharing Services and to a server that supports the World Wide Web Distributed Authoring and Ve...
    Rule Medium Severity
  • IE Trusted Zones assumed 'trusted' must be blocked.

    Malicious users can send HTML e-mail messages with embedded Web beacons, which are pictures and other content from external servers that can be used to track whether specific recipients open the me...
    Rule Medium Severity
  • Object Model Prompt behavior for the SaveAs method must be configured.

    If an untrusted application uses the Save As command to programmatically save an item, the application could add malicious data to a user's inbox, a public folder, or an address book. By default, w...
    Rule Medium Severity
  • Object Model Prompt behavior for programmatic access of user address data must be configured.

    If an untrusted application accesses the recipient fields, the application could gain access to sensitive data and potentially change that data. This could result in mail being sent to the wrong pa...
    Rule Medium Severity
  • Object Model Prompt for programmatic email send behavior must be configured.

    If an untrusted application programmatically sends e-mail, that application could send mail that includes malicious code, impersonate a user, or launch a denial-of-service attack by sending a large...
    Rule Medium Severity
  • Dial-up and Hang up Options for Outlook must be configured.

    By default, users can connect to their e-mail servers using dial-up networking if their accounts are configured appropriately. Dial-up connections are often used by mobile users who need to connect...
    Rule Medium Severity
  • Level 1 attachment close behaviors must be configured.

    To protect users from viruses and other harmful files, Outlook uses two levels of security, designated Level 1 and Level 2, to restrict users' access to files attached to e-mail messages or other i...
    Rule Medium Severity
  • Disabling download full text of articles as HTML must be configured.

    Many RSS feeds use messages that contain a brief summary of a larger message or an article with a link to the full content. Users can configure Outlook to automatically download the linked content ...
    Rule Medium Severity
