Microsoft Outlook 2016 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Retrieving of CRL data must be set for online action.
<VulnDiscussion>This policy setting controls how Outlook retrieves Certificate Revocation Lists to verify the validity of certificates.Certif...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
External content and pictures in HTML email must be displayed.
<VulnDiscussion>This policy setting setting controls whether Outlook downloads untrusted pictures and external content located in HTML e-mail...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Automatic download content for email in Safe Senders list must be disallowed.
<VulnDiscussion>This policy setting controls whether Outlook automatically downloads external content in e-mail from senders in the Safe Send...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Permit download of content from safe zones must be configured.
<VulnDiscussion>This policy setting controls whether Outlook automatically downloads content from safe zones when displaying messages. If you...Rule Medium Severity -
IE Trusted Zones assumed trusted must be blocked.
<VulnDiscussion>This policy setting controls whether pictures from sites in the Trusted Sites security zone are automatically downloaded in O...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Internet with Safe Zones for Picture Download must be disabled.
<VulnDiscussion>This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the Inte...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Intranet with Safe Zones for automatic picture downloads must be configured.
<VulnDiscussion>This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the loca...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
Always warn on untrusted macros must be enforced.
<VulnDiscussion>This policy setting controls the security level for macros in Outlook. If you enable this policy setting, you can choose from...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Hyperlinks in suspected phishing email messages must be disallowed.
<VulnDiscussion>This policy setting controls whether hyperlinks in suspected phishing e-mail messages in Outlook are allowed. If you enable t...Rule Medium Severity -
SRG-APP-000395
<GroupDescription></GroupDescription>Group -
RPC encryption between Outlook and Exchange server must be enforced.
<VulnDiscussion>This policy setting controls whether Outlook uses remote procedure call (RPC) encryption to communicate with Microsoft Exchan...Rule Medium Severity -
SRG-APP-000395
<GroupDescription></GroupDescription>Group -
Outlook must be configured to force authentication when connecting to an Exchange server.
<VulnDiscussion>This policy setting controls which authentication method Outlook uses to authenticate with Microsoft Exchange Server. Note - ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.