Title

Check e-mail addresses against addresses of certificates being used must be disallowed. (Cat II impact)

Discussion

This policy setting controls whether Outlook verifies the user's e-mail address with the address associated with the certificate used for signing.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography "Do not check e-mail address against address of certificates being used" must be set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value SupressNameChecks is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography "Do not check e-mail address against address of certificates being used" to "Enabled".

Additional Identifiers

Rule ID: SV-242104r961863_rule

Vulnerability ID: V-242104

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.