STIGQter: STIG Summary: Microsoft Outlook 2016 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

Outlook minimum encryption key length settings must be set.

DISA Rule

SV-228474r508021_rule

Vulnerability Number

V-228474

Group Title

SRG-APP-000514

Rule Version

DTOO316

Severity

CAT II

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Cryptography "Minimum encryption settings" to "Enabled: 168 bits".

Check Contents

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Cryptography "Minimum encryption settings" is set to "Enabled: 168 bits".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security

Criteria: If the value MinEncKey is REG_DWORD = a8 (hex) or 168 (decimal), this is not a finding.

Vulnerability Number

V-228474

Documentable

False

Rule Version

DTOO316

Severity Override Guidance

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Cryptography "Minimum encryption settings" is set to "Enabled: 168 bits".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security

Criteria: If the value MinEncKey is REG_DWORD = a8 (hex) or 168 (decimal), this is not a finding.

Check Content Reference

M

Target Key

4224

Comments