STIGQter STIGQter: STIG Summary:

Microsoft Outlook 2013 STIG

Version: 1

Release: 13 Benchmark Date: 26 Oct 2018

SV-33404r2_ruleDisabling of user name and password syntax from being used in URLs must be enforced.
SV-53848r1_ruleThe Internet Explorer Bind to Object functionality must be enabled.
SV-53850r1_ruleThe Saved from URL mark must be selected to enforce Internet zone processing.
SV-53853r1_ruleNavigation to URLs embedded in Office products must be blocked.
SV-53863r1_ruleLinks that invoke instances of Internet Explorer from within an Office product must be blocked.
SV-54046r1_rulePermit download of content from safe zones must be configured.
SV-53872r1_ruleAccess restriction settings for published calendars must be configured.
SV-53885r1_ruleRecipients of sent email must be unable to be added to the safe senders list.
SV-53915r1_ruleActiveX One-Off forms must be configured.
SV-53993r1_ruleScripts in One-Off Outlook forms must be disallowed.
SV-54047r1_ruleIE Trusted Zones assumed trusted must be blocked.
SV-53919r1_ruleThe Add-In Trust Level must be configured.
SV-53997r1_ruleObject Model Prompt behavior for programmatic address books must be configured.
SV-53954r1_ruleAction to demote an EMail Level 1 attachment to Level 2 must be configured.
SV-54001r1_ruleObject Model Prompt behavior for accessing User Property Formula must be configured.
SV-54000r1_ruleObject Model Prompt behavior for the SaveAs method must be configured.
SV-53998r1_ruleObject Model Prompt behavior for programmatic access of user address data must be configured.
SV-55912r1_ruleObject Model Prompt behavior for Meeting and Task Responses must be configured.
SV-53996r1_ruleObject Model Prompt for programmatic email send behavior must be configured.
SV-54002r2_ruleTrusted add-ins behavior for email must be configured.
SV-53923r1_ruleThe remember password for internet e-mail accounts must be disabled.
SV-53976r2_ruleThe prompt to display level 1 attachments must be disallowed when closing an item.
SV-53957r2_ruleThe prompt to display level 1 attachments must be disallowed when sending an item.
SV-54056r1_ruleDisabling download full text of articles as HTML must be configured.
SV-54051r1_ruleHyperlinks in suspected phishing email messages must be disallowed.
SV-54052r1_ruleRPC encryption between Outlook and Exchange server must be enforced.
SV-53874r1_ruleJunk Mail UI must be configured.
SV-54048r1_ruleInternet with Safe Zones for Picture Download must be disabled.
SV-54049r1_ruleIntranet with Safe Zones for automatic picture downloads must be configured.
SV-53941r1_ruleThe ability to display level 1 attachments must be disallowed.
SV-54042r3_ruleExternal content and pictures in HTML email must be displayed.
SV-53886r1_ruleThe ability to add signatures to email messages must be allowed.
SV-53893r1_ruleFolders in non-default stores, set as folder home pages, must be disallowed.
SV-53903r1_ruleOutlook Object Model scripts must be disallowed to run for public folders.
SV-53899r1_ruleOutlook Object Model scripts must be disallowed to run for shared folders.
SV-54058r1_ruleInternet calendar integration in Outlook must be disabled.
SV-54038r1_ruleAttachments using generated name for secure temporary folders must be configured.
SV-54053r1_ruleOutlook must be configured to force authentication when connecting to an Exchange server.
SV-54057r1_ruleAutomatic download of Internet Calendar appointment attachments must be disallowed.
SV-54044r1_ruleAutomatic download content for email in Safe Senders list must be disallowed.
SV-53891r1_ruleOutlook must be enforced as the default email, calendar, and contacts program.
SV-54004r1_ruleMessage formats must be set to use SMime.
SV-54033r1_ruleMissing Root Certificates warning must be enforced.
SV-53934r2_ruleOutlook Security Mode must be configured to use Group Policy settings.
SV-53887r2_rulePlain Text Options for outbound email must be configured.
SV-53870r1_rulePublishing to a Web Distributed and Authoring (DAV) server must be prevented.
SV-53869r1_rulePublishing calendars to Office Online must be prevented.
SV-53929r1_ruleUsers customizing attachment security settings must be prevented.
SV-53867r1_ruleRead EMail as plain text must be enforced.
SV-53868r1_ruleRead signed email as plain text must be enforced.
SV-55898r2_ruleLevel 1 file extensions must be blocked and not removed.
SV-53989r2_ruleLevel 2 file extensions must be blocked and not removed.
SV-53871r1_ruleLevel of calendar details that a user can publish must be restricted.
SV-53873r1_ruleUpload method for publishing calendars to Office Online must be restricted.
SV-54031r1_ruleRetrieving of CRL data must be set for online action.
SV-54005r1_ruleRun in FIPS compliant mode must be enforced.
SV-54003r1_ruleS/Mime interoperability with external clients for message handling must be configured.
SV-54029r1_ruleAutomatic sending s/Mime receipt requests must be disallowed.
SV-54050r2_ruleAlways warn on untrusted macros must be enforced.
SV-54023r1_ruleSend all signed messages as clear signed messages must be configured.
SV-53994r1_ruleCustom Outlook Object Model (OOM) action execution prompts must be configured.
SV-54024r1_ruleWarning about invalid signatures must be enforced.
SV-54054r1_ruleRSS feed synchronization with Common Feed List must be disallowed.
SV-53882r1_ruleTrust EMail from senders in receivers contact list must be enforced.
SV-54055r2_ruleRSS Feeds must be disallowed.
SV-53897r1_ruleDragging Unicode email messages to file system must be disallowed.
SV-54059r1_ruleUser Entries to Server List must be disallowed.
SV-53862r1_ruleAdd-on Management functionality must be allowed.
SV-53865r1_ruleProtection from zone elevation must be enforced.
SV-53866r1_ruleActiveX installs must be configured for proper restrictions.
SV-53864r1_ruleFile Downloads must be configured for proper restrictions.
SV-53858r1_ruleScripted Window Security must be enforced.
SV-54061r1_ruleAutomatically downloading enclosures on RSS must be disallowed.
SV-54067r1_ruleOutlook Rich Text options must be set for converting to plain text format.
SV-54062r1_ruleDefault message format must be set to use Plain Text.
SV-54063r1_ruleOutlook must be configured not to prompt users to choose security settings if default settings fail.
SV-54064r1_ruleOutlook minimum encryption key length settings must be set.
SV-54065r1_ruleReplies or forwards to signed/encrypted messages must be signed/encrypted.
SV-54066r1_ruleCheck e-mail addresses against addresses of certificates being used must be disallowed.
SV-54068r1_ruleThe use of the weather bar in Outlook must be disabled
SV-54069r1_ruleText in Outlook that represents Internet and network paths must not be automatically turned into hyperlinks.