Skip to content

No profile (default benchmark)

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Permit download of content from safe zones must be configured.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook automatically downloads content from safe zones when displaying messages. If you...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • IE Trusted Zones assumed trusted must be blocked.

    &lt;VulnDiscussion&gt;This policy setting controls whether pictures from sites in the Trusted Sites security zone are automatically downloaded in O...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Internet with Safe Zones for Picture Download must be disabled.

    &lt;VulnDiscussion&gt;This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the Inte...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Intranet with Safe Zones for automatic picture downloads must be configured.

    &lt;VulnDiscussion&gt;This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the loca...
    Rule Medium Severity
  • SRG-APP-000207

    <GroupDescription></GroupDescription>
    Group
  • Always warn on untrusted macros must be enforced.

    &lt;VulnDiscussion&gt;This policy setting controls the security level for macros in Outlook. If you enable this policy setting, you can choose from...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Hyperlinks in suspected phishing email messages must be disallowed.

    &lt;VulnDiscussion&gt;This policy setting controls whether hyperlinks in suspected phishing e-mail messages in Outlook are allowed. If you enable t...
    Rule Medium Severity
  • SRG-APP-000395

    <GroupDescription></GroupDescription>
    Group
  • RPC encryption between Outlook and Exchange server must be enforced.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook uses remote procedure call (RPC) encryption to communicate with Microsoft Exchan...
    Rule Medium Severity
  • SRG-APP-000395

    <GroupDescription></GroupDescription>
    Group
  • Outlook must be configured to force authentication when connecting to an Exchange server.

    &lt;VulnDiscussion&gt;This policy setting controls which authentication method Outlook uses to authenticate with Microsoft Exchange Server. Note - ...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Disabling download full text of articles as HTML must be configured.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook automatically makes an offline copy of the RSS items as HTML attachments. If you...
    Rule Medium Severity
  • SRG-APP-000209

    <GroupDescription></GroupDescription>
    Group
  • Automatic download of Internet Calendar appointment attachments must be disallowed.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook downloads files attached to Internet Calendar appointments. If you enable this p...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules