1.13.6 Ensure 'Configure Add-In Trust Level' is set to Enabled:Trust all loaded and installed COM addins

Information

All installed trusted COM addins can be trusted. Exchange Settings for the addins still override if present and this option is selected. The recommended state for this setting is: Enabled:Trust all loaded and installed COM addins.

Rationale:

Under normal circumstances the installed COM add-ins are applications that have been approved and intentionally deployed by the organization and therefore they should not pose a security threat. However, if malware has infected systems its possible that the malware will use the COM add-in feature to perform unauthorized actions.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled.

User Configuration\Administrative Templates\Microsoft Outlook 2013\Security\Configure Add-In Trust Level

Then set the Configure Add-In Trust Level option to Trust all loaded and installed COM addins.

Impact:

This setting enforces the default configuration, and therefore is unlikely to cause significant usability issues for most users.

See Also

https://workbench.cisecurity.org/files/552

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(4)

Plugin: Windows

Control ID: 0aa35c87e2ba7637d0961bb35999f144d6f2646c2e254e433101338eb6ae3f77