RSS Feeds must be disallowed.

An XCCDF Rule

Description

<VulnDiscussion>Users can subscribe to RSS feeds from within Outlook and read RSS items like e-mail messages. If your organization has policies that govern the use of external resources such as RSS feeds, allowing users to subscribe to the RSS feed in Outlook might enable them to violate those policies.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>

ID: SV-33502r1_rule
Severity: Medium
References: CCI-000381
Updated: about 1 year ago


================================== 
NOTE:
If the use of RSS feeds integrated into Outlook is a mission need, and the network environment is configured with the following criteria: 
1. Both the web site issuing the RSS feeds and the Outlook e-mail client must both have an available network path to each other.
2. Neither the web site issuing the RSS feeds nor the Outlook e-mail client have a network path to the public Internet.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Turn off RSS feature” to “Disabled”.

For all environments where the Outlook e-mail clients have access to public Internet web sites, RSS integration into Outlook is not permitted, and should be configured as follows.
================================= 

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Turn off RSS feature” to “Enabled”.

RSS Feeds must be disallowed.

Description

Remediation - Manual Procedure