STIGQter: STIG Summary: Microsoft Outlook 2013 STIG Version: 1 Release: 13 Benchmark Date: 26 Oct 2018:

Run in FIPS compliant mode must be enforced.

DISA Rule

SV-54005r1_rule

Vulnerability Number

V-17787

Group Title

DTOO262 - FIPS compliant mode

Rule Version

DTOO262

Severity

CAT II

CCI(s)

• CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Weight

10

Fix Recommendation

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Cryptography "Run in FIPS compliant mode" to "Enabled".

Check Contents

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Cryptography "Run in FIPS compliant mode" is set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security

Criteria: If the value FIPSMode is REG_DWORD = 1, this is not a finding.

Vulnerability Number

V-17787

Documentable

False

Rule Version

DTOO262

Severity Override Guidance

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Cryptography "Run in FIPS compliant mode" is set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security

Criteria: If the value FIPSMode is REG_DWORD = 1, this is not a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

2482

Comments