STIGQter: STIG Summary: Microsoft Office 365 ProPlus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The minimum encryption key length in Outlook must be at least 168.

DISA Rule

SV-223356r508019_rule

Vulnerability Number

V-223356

Group Title

SRG-APP-000630

Rule Version

O365-OU-000011

Severity

CAT II

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Security >> Cryptography >> Minimum encryption settings to "Enabled"and a Minimum key size (in bits) of "168" or above.

Check Contents

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Security >> Cryptography >> Minimum encryption settings is set to "Enabled" and a Minimum key size (in bits) of "168" or above.

Use the Windows Registry to navigate to the following key:

HKCU\software\policies\microsoft\office\16.0\outlook\security

If the value for minenckey is set to 168 or above, this is not a finding.

Vulnerability Number

V-223356

Documentable

False

Rule Version

O365-OU-000011

Severity Override Guidance

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Security >> Cryptography >> Minimum encryption settings is set to "Enabled" and a Minimum key size (in bits) of "168" or above.

Use the Windows Registry to navigate to the following key:

HKCU\software\policies\microsoft\office\16.0\outlook\security

If the value for minenckey is set to 168 or above, this is not a finding.

Check Content Reference

M

Target Key

4099

Comments