STIGQter: STIG Summary: Microsoft Outlook 2010 STIG Version: 1 Release: 13 Benchmark Date: 27 Apr 2018:

S/Mime interoperability with external clients for message handling must be configured.

DISA Rule

SV-33566r1_rule

Vulnerability Number

V-17790

Group Title

DTOO257 - No S/Mime interop w/ external clients

Rule Version

DTOO257 - Outlook

Severity

CAT II

CCI(s)

• CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Weight

10

Fix Recommendation

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “S/MIME interoperability with external clients” to “Enabled (Handle internally)”.

Check Contents

The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “S/MIME interoperability with external clients” must be set to “Enabled (Handle internally)”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security

Criteria: If the value ExternalSMime is REG_DWORD = 0, this is not a finding.

Vulnerability Number

V-17790

Documentable

False

Rule Version

DTOO257 - Outlook

Severity Override Guidance

The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography “S/MIME interoperability with external clients” must be set to “Enabled (Handle internally)”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security

Criteria: If the value ExternalSMime is REG_DWORD = 0, this is not a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

2024

Comments