Microsoft Outlook 2013 STIG
Rules, Groups, and Values defined within the XCCDF Benchmark
-
DTOO246 - Scripts in One-Off Forms
Group -
Scripts in One-Off Outlook forms must be disallowed.
Malicious code can be included within Outlook forms, and such code could be executed when users open the form. By default, Outlook does not run scripts in forms in which the script and the layout ...Rule Medium Severity -
DTOO273 - Block Trusted Zones
Group -
DTOO236 - Add-In Trust Level
Group -
DTOO250 - Object Model Prompt for Address Book
Group -
Object Model Prompt behavior for programmatic address books must be configured.
If an untrusted application accesses the address book, the application could gain access to sensitive data and potentially change that data. By default, when an untrusted application attempts to ac...Rule Medium Severity -
DTOO241 - Demote Attachments to Level 2
Group -
Action to demote an EMail Level 1 attachment to Level 2 must be configured.
Outlook uses two levels of security to restrict access to files attached to email messages or other items. Files with specific extensions can be categorized as Level 1 (users cannot view the file) ...Rule Medium Severity -
DTOO254 - Object Model Prompt for Formula Property
Group -
Object Model Prompt behavior for accessing User Property Formula must be configured.
A custom form in Outlook could be used to gain access to sensitive address book data and potentially to change that data. By default, when a user tries to bind an address information field to a com...Rule Medium Severity -
DTOO253 - Object Model Prompt for Save As
Group -
Object Model Prompt behavior for the SaveAs method must be configured.
If an untrusted application uses the Save As command to programmatically save an item, the application could add malicious data to a user's inbox, a public folder, or an address book. By default, w...Rule Medium Severity -
DTOO251 - Object Model Prompt for Reading Address
Group -
Warning about invalid signatures must be enforced.
If users open email messages that include invalid digital signatures, Outlook displays a warning dialog box. Users can decide whether they want to be warned about invalid signatures in the future. ...Rule Medium Severity -
DTOO252-Object Model Prompt for Meeting Response
Group -
Object Model Prompt behavior for Meeting and Task Responses must be configured.
If an untrusted application programmatically responds to tasks or meeting requests, that application could impersonate a user response to the tasks or meeting requests with false information. By d...Rule Medium Severity -
DTOO249 - Object Model Prmpt for auto email send
Group -
Object Model Prompt for programmatic email send behavior must be configured.
If an untrusted application programmatically sends email, that application could send mail that includes malicious code, impersonate a user, or launch a denial of service attack by sending a large ...Rule Medium Severity -
DTOO256 - Trusted Add-Ins Security
Group -
DTOO237-Disable "remember password" on eMail Accts
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.