Skip to content

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Internet calendar integration in Outlook must be disabled.

    &lt;VulnDiscussion&gt;This policy setting allows the user to determine whether or not to include Internet Calendar integration in Outlook. The Inte...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • User Entries to Server List must be disallowed.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook users can add entries to the list of SharePoint servers when establishing a meet...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Automatically downloading enclosures on RSS must be disallowed.

    &lt;VulnDiscussion&gt;This policy setting allows you to control whether Outlook automatically downloads enclosures on RSS items. If you enable this...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Outlook must be configured not to prompt users to choose security settings if default settings fail.

    &lt;VulnDiscussion&gt;Check to prompt the user to choose security settings if default settings fail; uncheck to automatically select.&lt;/VulnDiscu...
    Rule Medium Severity
  • SRG-APP-000514

    <GroupDescription></GroupDescription>
    Group
  • Outlook minimum encryption key length settings must be set.

    &lt;VulnDiscussion&gt;This policy setting allows you to set the minimum key length for an encrypted e-mail message. If you enable this policy setti...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Replies or forwards to signed/encrypted messages must be signed/encrypted.

    &lt;VulnDiscussion&gt;This policy setting controls whether replies and forwards to signed/encrypted mail should also be signed/encrypted. If you en...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Check e-mail addresses against addresses of certificates being used must be disallowed.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook verifies the user's e-mail address with the address associated with the certific...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Read EMail as plain text must be enforced.

    &lt;VulnDiscussion&gt;Outlook can display email messages and other items in three formats: plain text, Rich Text Format (RTF), and HTML. By default...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Read signed email as plain text must be enforced.

    &lt;VulnDiscussion&gt;Outlook can display email messages and other items in three formats: plain text, Rich Text Format (RTF), and HTML. By default...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The default message format must be set to use Plain Text.

    &lt;VulnDiscussion&gt;Outlook uses HTML as the default email format. HTML format poses a security risk by embedding information into the email itse...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules