DISA STIG Office 2010 Outlook v1r5

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Office 2010 Outlook v1r5

Updated: 10/27/2021

Authority: DISA STIG

Plugin: Windows

Revision: 1.21

Estimated Item Count: 86

File Details

Filename: DISA_STIG_MS_Office_Outlook_2010.audit

Size: 90.5 kB

MD5: 294695eef882b770ff7d90ca79126fb8
SHA256: bb42a99081d962ea0de48e43cc8b79b54ce4e508df7bcee2ebf86e75b6d8782d

Audit Items

DescriptionCategories
DISA_STIG_MS_Office_Outlook_2010.audit for MS Outlook, from DISA Office 2010 STIG, v1r5 10.26.2012
DTOO104 - Disabling of user name and password syntax from being used in URLs must be enforced.

CONFIGURATION MANAGEMENT

DTOO111 - Enabling IE Bind to Object functionality must be present.

CONFIGURATION MANAGEMENT

DTOO117 - Saved from URL mark to assure Internet zone processing must be enforced.

CONFIGURATION MANAGEMENT

DTOO123 - Navigation to URL's embedded in Office products must be blocked.

CONFIGURATION MANAGEMENT

DTOO124 - Scripted Window Security must be enforced.

CONFIGURATION MANAGEMENT

DTOO126 - Add-on Management functionality must be allowed.

CONFIGURATION MANAGEMENT

DTOO128 - Data Execution Prevention must be enforced.

CONFIGURATION MANAGEMENT

DTOO129 - Links that invoke instances of IE from within an Office product must be blocked.

CONFIGURATION MANAGEMENT

DTOO132 - File Downloads must be configured for proper restrictions.

CONFIGURATION MANAGEMENT

DTOO209 - Protection from zone elevation must be enforced.

CONFIGURATION MANAGEMENT

DTOO211 - ActiveX Installs must be configured for proper restriction.

CONFIGURATION MANAGEMENT

DTOO214 - Read EMail as plain text must be enforced.

CONFIGURATION MANAGEMENT

DTOO215 - Read signed email as plain text must be enforced.

CONFIGURATION MANAGEMENT

DTOO216 - Publishing calendars to Office Online must be prevented.

ACCESS CONTROL

DTOO217 - Publishing to a Web Distributed and Authoring (DAV) server must be prevented.

CONFIGURATION MANAGEMENT

DTOO218 - Level of calendar details that a user can publish must be restricted.

CONFIGURATION MANAGEMENT

DTOO219 - Access restriction settings for published calendars must be configured.

ACCESS CONTROL

DTOO220 - Upload method for publishing calendars to Office Online must be restricted.

ACCESS CONTROL

DTOO221 - Junk Mail UI must be configured.

SYSTEM AND INFORMATION INTEGRITY

DTOO223 - Trust EMail from senders in receiver's contact list must be enforced.

CONFIGURATION MANAGEMENT

DTOO224 - Recipients of sent email must be unable to be added to the safe sender's list.

CONFIGURATION MANAGEMENT

DTOO225 - Outlook Dial-up options to Warn user before allowing switch in dial-up access must be configured.

CONFIGURATION MANAGEMENT

DTOO226 - Dial-up and Hang up Options for Outlook must be configured.

CONFIGURATION MANAGEMENT

DTOO227 - Digital signatures must be allowed.

CONFIGURATION MANAGEMENT

DTOO228 - Plain Text Options for outbound email must be configured.
DTOO229 - Outlook must be enforced as the default email, calendar, and contacts program.

CONFIGURATION MANAGEMENT

DTOO230 - Folders in non-default stores, set as folder home pages, must be disallowed.

CONFIGURATION MANAGEMENT

DTOO231 - Dragging Unicode eMail messages to file system must be disallowed.

CONFIGURATION MANAGEMENT

DTOO232 - Outlook Object Model scripts must be disallowed to run for shared folders.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO233 - Outlook Object Model scripts must be disallowed to run for public folders.

CONFIGURATION MANAGEMENT

DTOO234 - Active X One-Off forms must be configured.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO236 - The Add-In Trust Level must be configured.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO237 - The 'remember password' for internet e-mail accounts must be disabled.

IDENTIFICATION AND AUTHENTICATION

DTOO238 - Users customizing attachment security settings must be prevented.

SYSTEM AND INFORMATION INTEGRITY

DTOO239 - Outlook Security Mode must be configured to use Group Policy settings.

CONFIGURATION MANAGEMENT

DTOO240 - The ability to display level 1 attachments must be disallowed.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO241 - Action to demote an EMail Level 1 attachment to Level 2 must be configured.

CONFIGURATION MANAGEMENT

DTOO242 - Prompting behavior for Level 1 attachments on sending must be configured.

CONFIGURATION MANAGEMENT

DTOO243 - Level 1 attachment close behaviors must be configured.

CONFIGURATION MANAGEMENT

DTOO244 - Level 1 file extensions must be blocked and not removed.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO245 - Level 2 file extensions must be blocked and not removed.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO246 - Scripts in One-Off Outlook forms must be disallowed.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO247 - Custom Outlook Object Model (OOM) action execution prompts must be configured.

CONFIGURATION MANAGEMENT

DTOO249 - Object Model Prompt for programmatic email send behavior must be configured.

CONFIGURATION MANAGEMENT

DTOO250 - Object Model Prompt behavior for programmatic address books must be configured.

CONFIGURATION MANAGEMENT

DTOO251 - Object Model Prompt behavior for programmatic access of user address data must be configured.

CONFIGURATION MANAGEMENT

DTOO252 - Object Model Prompt behavior for Meeting and Task Responses must be configured.

CONFIGURATION MANAGEMENT

DTOO253 - Object Model Prompt behavior for the SaveAs method must be configured.

CONFIGURATION MANAGEMENT

DTOO254 - Object Model Prompt behavior for accessing User Property Formula must be configured.

CONFIGURATION MANAGEMENT