Check: DTOO344
Microsoft Outlook 2013 STIG:
DTOO344
(in versions v1 r13 through v1 r9)
Title
Outlook Rich Text options must be set for converting to plain text format. (Cat II impact)
Discussion
Outlook automatically converts RTF formatted messages that are sent over the Internet to HTML format, so that the message formatting is maintained and attachments are received. This setting controls how Outlook sends Rich Text Format (RTF) messages to Internet recipients.
Check Content
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Mail Format -> Internet Formatting "Outlook Rich Text options" is "Enabled: Convert to Plain Text format". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\options\mail Criteria: If the value Message RTF Format is REG_DWORD = 1, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Mail Format -> Internet Formatting "Outlook Rich Text options" to "Enabled: Convert to Plain Text format".
Additional Identifiers
Rule ID: SV-54067r1_rule
Vulnerability ID: V-26633
Group Title: DTOO344 - Outlook Rich Text options
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |