Title

Do not include Internet Calendar Integration in Outlook must be enforced. (Cat II impact)

Discussion

The Internet Calendar feature in Outlook enables users to publish calendars online (using the webcal:// protocol) and subscribe to calendars that others have published. When users subscribe to an Internet calendar, Outlook queries the calendar at regular intervals and downloads any changes as they are posted. By default, Outlook allows users to subscribe to Internet calendars. If your organization has policies that govern the use of external resources such as Internet calendars, this feature might enable users to violate those policies.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Internet Calendars “Do not include Internet Calendar integration in Outlook” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\webcal Criteria: If the value Disable is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Internet Calendars “Do not include Internet Calendar integration in Outlook” to “Enabled”.

Additional Identifiers

Rule ID: SV-33499r1_rule

Vulnerability ID: V-17678

Group Title: DTOO285 - Internet Calendar Integration

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.