Skip to content

Microsoft Outlook 2016 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Disabling download full text of articles as HTML must be configured.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook automatically makes an offline copy of the RSS items as HTML attachments. If you...
    Rule Medium Severity
  • SRG-APP-000209

    <GroupDescription></GroupDescription>
    Group
  • Automatic download of Internet Calendar appointment attachments must be disallowed.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook downloads files attached to Internet Calendar appointments. If you enable this p...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Internet calendar integration in Outlook must be disabled.

    &lt;VulnDiscussion&gt;This policy setting allows the user to determine whether or not to include Internet Calendar integration in Outlook. The Inte...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • User Entries to Server List must be disallowed.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook users can add entries to the list of SharePoint servers when establishing a meet...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Automatically downloading enclosures on RSS must be disallowed.

    &lt;VulnDiscussion&gt;This policy setting allows you to control whether Outlook automatically downloads enclosures on RSS items. If you enable this...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Outlook must be configured not to prompt users to choose security settings if default settings fail.

    &lt;VulnDiscussion&gt;Check to prompt the user to choose security settings if default settings fail; uncheck to automatically select.&lt;/VulnDiscu...
    Rule Medium Severity
  • SRG-APP-000514

    <GroupDescription></GroupDescription>
    Group
  • Outlook minimum encryption key length settings must be set.

    &lt;VulnDiscussion&gt;This policy setting allows you to set the minimum key length for an encrypted e-mail message. If you enable this policy setti...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Replies or forwards to signed/encrypted messages must be signed/encrypted.

    &lt;VulnDiscussion&gt;This policy setting controls whether replies and forwards to signed/encrypted mail should also be signed/encrypted. If you en...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Check e-mail addresses against addresses of certificates being used must be disallowed.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook verifies the user's e-mail address with the address associated with the certific...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The default message format must be set to use Plain Text.

    &lt;VulnDiscussion&gt;Outlook uses HTML as the default email format. HTML format poses a security risk by embedding information into the email itse...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Outlook Rich Text options must be set for converting to plain text format.

    &lt;VulnDiscussion&gt;Outlook automatically converts Rich Text Format (RTF) messages that are sent over the internet to HTML format, so that the me...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Text in Outlook that represents internet and network paths must not be automatically turned into hyperlinks.

    &lt;VulnDiscussion&gt;The ability of Outlook to automatically turn text that represents internet and network paths into hyperlinks would allow user...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules