Detections
Analytics

DISA STIG Office 2007 Outlook v4r9

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Office 2007 Outlook v4r9

Updated: 1/5/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.10

Estimated Item Count: 77

Audit Items

DescriptionCategories
DTOO104 - Outlook - Disable user name and password syntax from being used in URLs.

CONFIGURATION MANAGEMENT

DTOO111 - OutLook - Enable IE Bind to Object functionality for instances of IE launched from Outlook.

CONFIGURATION MANAGEMENT

DTOO117 - OutLook - Evaluate Saved from URL mark when launched from OutLook.

CONFIGURATION MANAGEMENT

DTOO123 - Outlook - Block navigation to URL embedded in Office products to protect against attack by malformed URL.

CONFIGURATION MANAGEMENT

DTOO129 - OutLook - Block pop-ups for links that invoke instances of IE from within Outlook.

CONFIGURATION MANAGEMENT

DTOO214 - Outlook - Read EMail as plain text

CONFIGURATION MANAGEMENT

DTOO215 - Outlook - Read signed email as plain text.

CONFIGURATION MANAGEMENT

DTOO216 - Outlook - Prevent publishing calendars to Office Online.

ACCESS CONTROL

DTOO217 - Outlook - Prevent publishing to a Web Distributed and Authoring (DAV) server.
DTOO218 - Outlook - Restrict level of calendar details that a user can publish.

CONFIGURATION MANAGEMENT

DTOO219 - Outlook - Access restriction settings for published calendars in Outlook.

ACCESS CONTROL

DTOO220 - Outlook - Restrict upload method for publishing calendars to Office Online.

ACCESS CONTROL

DTOO221 - Outlook - Hide Junk Mail UI configuration for Outlook.

SYSTEM AND INFORMATION INTEGRITY

DTOO222 - Outlook - Junk email protection level for outlook.

SYSTEM AND INFORMATION INTEGRITY

DTOO223 - Outlook - Trust EMail from senders in receiver's contact list.

CONFIGURATION MANAGEMENT

DTOO224 - Outlook - Disable the feature of adding recipients of sent eMail to the 'save sender's list.

CONFIGURATION MANAGEMENT

DTOO225 - Outlook - Configure Outlook Dial-up options to Warn user before allowing switch in dial-up access.
DTOO226 - Outlook - Configure Dial-up and Hang up Options for Outlook.

CONFIGURATION MANAGEMENT

DTOO227 - Outlook - Disable the 'do not allow creating, replying or forwarding of signatures feature.

CONFIGURATION MANAGEMENT

DTOO228 - Outlook - Disable Plain Text Options for outbound email.
DTOO229 - Outlook - Make Outlook the default email, calendar, and contacts program.

CONFIGURATION MANAGEMENT

DTOO230 - Outlook - Do not allow folders in non-default stores to be set as folder home pages.

CONFIGURATION MANAGEMENT

DTOO231 - Outlook - Disable the feature that uses Unicode when dragging eMail message to file system.

CONFIGURATION MANAGEMENT

DTOO232 - Outlook - Do not allow Outlook Object Model scripts to run for shared folders.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO233 - Outlook - Do not allow Outlook Object Model scripts to run for public folders.

CONFIGURATION MANAGEMENT

DTOO234 - Outlook - Do not allow Active X One-Off forms to be used in Outlook.
DTOO236 - Outlook - All installed trusted COM addins can be trusted.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO237 - Outlook - Disable the 'remember password' for internet e-mail accounts

IDENTIFICATION AND AUTHENTICATION

DTOO238 - Outlook - Prevent users from customizing attachment security settings.

SYSTEM AND INFORMATION INTEGRITY

DTOO239 - Outlook - Configure Outlook Security Mode to use Policy settings.

CONFIGURATION MANAGEMENT

DTOO240 - Outlook - Disable the ability to displaly level 1 attachments in Outlook.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO241 - Outlook - Allow Users to demote an EMail Level 1 attachment to Level 2.

CONFIGURATION MANAGEMENT

DTOO242 - Outlook - Promping behavior for Level 1 attachments on Sending.

CONFIGURATION MANAGEMENT

DTOO243 - Outlook - Prompting behavior when closing a Level 1 attachment in Outlook.

CONFIGURATION MANAGEMENT

DTOO244 - Outlook - Do not Remove file extensions blocked as level 1.
DTOO245 - Outlook - Do not remove file extensions blocked as level 2.
DTOO246 - Outlook - Do not allow Scripts in One-Off Outlook forms.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO247 - Outlook - Set custom Outlook Object Model (OOM) action execution prompt.

CONFIGURATION MANAGEMENT

DTOO248 - Base - Set Control Item property prompt for data, to automatically deny.

CONFIGURATION MANAGEMENT

DTOO249 - Outlook - Configure Object Model Prompt for programmatic email send behavior.

CONFIGURATION MANAGEMENT

DTOO250 - Outlook - Configure Outlook Object Model Prompt behavior for programmatic address book accesses.

CONFIGURATION MANAGEMENT

DTOO251 - Outlook - Configure Object Model Prompt behavior for programmatic access of user address data.

CONFIGURATION MANAGEMENT

DTOO252 - Outlook - Configure Object Model Prompt behavior for Meeting and Task Responses.

CONFIGURATION MANAGEMENT

DTOO253 - Outlook - Configure Object Model Prompt behavior for the SaveAs method.

CONFIGURATION MANAGEMENT

DTOO254 - Outlook - Configure Object Model Prompt behavior for accessing User Property Formula.

CONFIGURATION MANAGEMENT

DTOO255 - Outlook - Set the Object Model Prompt behavior for programmatic access of the UserProperties.Find Method.

CONFIGURATION MANAGEMENT

DTOO256 - Outlook - Configure trusted add-ins behavior for eMail.
DTOO257 - Outlook - No S/Mime interoperability with external clients for message handling.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO258 - Outlook - Configure S/Mime password setting - default S/Mime password time.
DTOO259 - Office - Enable the feature and configure the maximum S/Mime password time setting.