II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000488
Group -
Object Model Prompt for programmatic email send behavior must be configured.
This policy setting controls what happens when an untrusted program attempts to send e-mail programmatically using the Outlook object model. If you enable this policy setting, you can choose from f...
Rule Medium Severity
-
SRG-APP-000488
Group -
Object Model Prompt behavior for programmatic address books must be configured.
This policy setting controls what happens when an untrusted program attempts to gain access to an Address Book using the Outlook object model. If you enable this policy setting, you can choose from...
Rule Medium Severity
-
SRG-APP-000488
Group -
Object Model Prompt behavior for programmatic access of user address data must be configured.
This policy setting controls what happens when an untrusted program attempts to gain access to a recipient field, such as the 'To:' field, using the Outlook object model. If you enable this policy ...
Rule Medium Severity
-
SRG-APP-000488
Group -
Object Model Prompt behavior for Meeting and Task Responses must be configured.
This policy setting controls what happens when an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a task or meeting request. If you enable this po...
Rule Medium Severity
-
SRG-APP-000488
Group -
Object Model Prompt behavior for the SaveAs method must be configured.
This policy setting controls what happens when an untrusted program attempts to use the Save As command to programmatically save an item. If you enable this policy setting, you can choose from four...
Rule Medium Severity
-
SRG-APP-000488
Group -
Object Model Prompt behavior for accessing User Property Formula must be configured.
This policy setting controls what happens when a user designs a custom form in Outlook and attempts to bind an Address Information field to a combination or formula custom field. If you enable this...
Rule Medium Severity
-
SRG-APP-000516
Group -
Trusted add-ins behavior for email must be configured.
This policy setting can be used to specify a list of trusted add-ins that can be run without being restricted by the security measures in Outlook. If you enable this policy setting, a list of trust...
Rule Medium Severity
-
SRG-APP-000179
Group -
S/Mime interoperability with external clients for message handling must be configured.
This policy setting controls whether Outlook decodes encrypted messages itself or passes them to an external program for processing. If you enable this policy setting, you can choose from three opt...
Rule Medium Severity
-
SRG-APP-000179
Group -
Message formats must be set to use SMime.
This policy setting controls which message encryption formats Outlook can use. Outlook supports three formats for encrypting and signing messages: S/MIME, Exchange, and Fortezza. If you enable this...
Rule Medium Severity
-
SRG-APP-000179
Group -
Run in FIPS compliant mode must be enforced.
This policy setting controls whether Outlook is required to use FIPS-compliant algorithms when signing and encrypting messages. Outlook can run in a mode that complies with Federal Information Pro...
Rule Medium Severity
-
SRG-APP-000516
Group -
Send all signed messages as clear signed messages must be configured.
This policy setting controls whether Outlook sends signed messages as clear text signed messages. If you enable this policy setting, the "Send clear text signed message when sending signed messages...
Rule Medium Severity
-
SRG-APP-000516
Group -
Automatic sending s/Mime receipt requests must be disallowed.
This policy setting controls how Outlook handles S/MIME receipt requests. If you enable this policy setting, you can choose from four options for handling S/MIME receipt requests in Outlook: - Open ...
Rule Medium Severity
-
SRG-APP-000175
Group -
Retrieving of CRL data must be set for online action.
This policy setting controls how Outlook retrieves Certificate Revocation Lists to verify the validity of certificates. Certificate revocation lists (CRLs) are lists of digital certificates that hav...
Rule Medium Severity
-
SRG-APP-000516
Group -
External content and pictures in HTML email must be displayed.
This policy setting controls whether Outlook downloads untrusted pictures and external content located in HTML e-mail messages without users explicitly choosing to download them. If you ena...
Rule Medium Severity
-
SRG-APP-000516
Group -
Automatic download content for email in Safe Senders list must be disallowed.
This policy setting controls whether Outlook automatically downloads external content in e-mail from senders in the Safe Senders List or Safe Recipients List. If you enable this policy setting, Out...
Rule Medium Severity
-
SRG-APP-000516
Group -
Permit download of content from safe zones must be configured.
This policy setting controls whether Outlook automatically downloads content from safe zones when displaying messages. If you enable this policy setting content from safe zones will be downloaded a...
Rule Medium Severity
-
SRG-APP-000516
Group -
IE Trusted Zones assumed trusted must be blocked.
This policy setting controls whether pictures from sites in the Trusted Sites security zone are automatically downloaded in Outlook e-mail messages and other items. If you enable this policy settin...
Rule Medium Severity
-
SRG-APP-000516
Group -
Internet with Safe Zones for Picture Download must be disabled.
This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the Internet are downloaded without Outlook users explicitly choosing to do so. ...
Rule Medium Severity
-
SRG-APP-000516
Group -
Intranet with Safe Zones for automatic picture downloads must be configured.
This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the local intranet are downloaded without Outlook users explicitly choosing to do...
Rule Medium Severity
-
SRG-APP-000207
Group -
Always warn on untrusted macros must be enforced.
This policy setting controls the security level for macros in Outlook. If you enable this policy setting, you can choose from four options for handling macros in Outlook: - Always warn. This option...
Rule Medium Severity
-
SRG-APP-000516
Group -
Hyperlinks in suspected phishing email messages must be disallowed.
This policy setting controls whether hyperlinks in suspected phishing e-mail messages in Outlook are allowed. If you enable this policy setting, Outlook will allow hyperlinks in suspected phishing ...
Rule Medium Severity
-
SRG-APP-000395
Group -
RPC encryption between Outlook and Exchange server must be enforced.
This policy setting controls whether Outlook uses remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers. If you enable this policy setting, Outlook uses RPC encrypti...
Rule Medium Severity
-
SRG-APP-000395
Group -
Outlook must be configured to force authentication when connecting to an Exchange server.
This policy setting controls which authentication method Outlook uses to authenticate with Microsoft Exchange Server. Note - Exchange Server supports the Kerberos authentication protocol and NTLM f...
Rule Medium Severity
-
SRG-APP-000516
Group -
Disabling download full text of articles as HTML must be configured.
This policy setting controls whether Outlook automatically makes an offline copy of the RSS items as HTML attachments. If you enable this policy setting, Outlook automatically makes an offline copy...
Rule Medium Severity
-
SRG-APP-000209
Group -
Automatic download of Internet Calendar appointment attachments must be disallowed.
This policy setting controls whether Outlook downloads files attached to Internet Calendar appointments. If you enable this policy setting, Outlook automatically downloads all Internet Calendar app...
Rule Medium Severity