Microsoft Outlook 2016 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Group: SRG-APP-000210
Rule (Medium Severity): Scripts in One-Off Outlook forms must be disallowed.
This policy setting controls whether scripts can run in Outlook forms in which the script and layout are contained within the...

Group: SRG-APP-000488
Rule (Medium Severity): Custom Outlook Object Model (OOM) action execution prompts must be configured.
This policy setting controls whether Outlook prompts users before executing a custom action. Custom actions add functionality...

Group: SRG-APP-000488
Rule (Medium Severity): Object Model Prompt for programmatic email send behavior must be configured.
This policy setting controls what happens when an untrusted program attempts to send e-mail programmatically using the Outloo...

Group: SRG-APP-000488
Rule (Medium Severity): Object Model Prompt behavior for programmatic address books must be configured.
This policy setting controls what happens when an untrusted program attempts to gain access to an Address Book using the Outl...

Group: SRG-APP-000488

Group: SRG-APP-000516
Rule (Medium Severity): Object Model Prompt behavior for programmatic access of user address data must be configured.
This policy setting controls what happens when an untrusted program attempts to gain access to a recipient field, such as the...

Group: SRG-APP-000488
Rule (Medium Severity): Object Model Prompt behavior for Meeting and Task Responses must be configured.
This policy setting controls what happens when an untrusted program attempts to programmatically send e-mail in Outlook using...

Group: SRG-APP-000488
Rule (Medium Severity): Object Model Prompt behavior for the SaveAs method must be configured.
This policy setting controls what happens when an untrusted program attempts to use the Save As command to programmatically s...

Group: SRG-APP-000488
Rule (Medium Severity): Object Model Prompt behavior for accessing User Property Formula must be configured.
This policy setting controls what happens when a user designs a custom form in Outlook and attempts to bind an Address Inform...

Group: SRG-APP-000516
Rule (Medium Severity): Trusted add-ins behavior for email must be configured.
This policy setting can be used to specify a list of trusted add-ins that can be run without being restricted by the security...

Group: SRG-APP-000179
Rule (Medium Severity): S/Mime interoperability with external clients for message handling must be configured.
This policy setting controls whether Outlook decodes encrypted messages itself or passes them to an external program for proc...

Group: SRG-APP-000179
Rule (Medium Severity): Message formats must be set to use SMime.
This policy setting controls which message encryption formats Outlook can use. Outlook supports three formats for encrypting ...

Group: SRG-APP-000179
Rule (Medium Severity): Run in FIPS compliant mode must be enforced.
This policy setting controls whether Outlook is required to use FIPS-compliant algorithms when signing and encrypting message...

Group: SRG-APP-000516
Rule (Medium Severity): Send all signed messages as clear signed messages must be configured.
This policy setting controls whether Outlook sends signed messages as clear text signed messages. If you enable this policy s...

Group: SRG-APP-000516
Rule (Medium Severity): Automatic sending s/Mime receipt requests must be disallowed.
This policy setting controls how Outlook handles S/MIME receipt requests. If you enable this policy setting, you can choose f...

Group: SRG-APP-000175
Rule (Medium Severity): Retrieving of CRL data must be set for online action.
This policy setting controls how Outlook retrieves Certificate Revocation Lists to verify the validity of certificates. Certif...

Group: SRG-APP-000516
Rule (Medium Severity): External content and pictures in HTML email must be displayed.
This policy setting controls whether Outlook downloads untrusted pictures and external content located in HTML e-mail...

Group: SRG-APP-000516
Rule (Medium Severity): Automatic download content for email in Safe Senders list must be disallowed.
This policy setting controls whether Outlook automatically downloads external content in e-mail from senders in the Safe Send...

Group: SRG-APP-000516
Rule (Medium Severity): Permit download of content from safe zones must be configured.
This policy setting controls whether Outlook automatically downloads content from safe zones when displaying messages. If you...

Rule (Medium Severity): IE Trusted Zones assumed trusted must be blocked.
This policy setting controls whether pictures from sites in the Trusted Sites security zone are automatically downloaded in O...

Group: SRG-APP-000516
Rule (Medium Severity): Internet with Safe Zones for Picture Download must be disabled.
This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the Inte...

Group: SRG-APP-000516
Rule (Medium Severity): Intranet with Safe Zones for automatic picture downloads must be configured.
This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the loca...

Group: SRG-APP-000207
Rule (Medium Severity): Always warn on untrusted macros must be enforced.
This policy setting controls the security level for macros in Outlook. If you enable this policy setting, you can choose from...

Group: SRG-APP-000516
Rule (Medium Severity): Hyperlinks in suspected phishing email messages must be disallowed.
This policy setting controls whether hyperlinks in suspected phishing e-mail messages in Outlook are allowed. If you enable t...

Group: SRG-APP-000395
Rule (Medium Severity): RPC encryption between Outlook and Exchange server must be enforced.
This policy setting controls whether Outlook uses remote procedure call (RPC) encryption to communicate with Microsoft Exchan...

Group: SRG-APP-000395
Rule (Medium Severity): Outlook must be configured to force authentication when connecting to an Exchange server.
This policy setting controls which authentication method Outlook uses to authenticate with Microsoft Exchange Server. Note - ...