Title

Check e-mail addresses against addresses of certificates being used must be disallowed. (Cat II impact)

Discussion

This policy setting controls whether Outlook verifies the user's email address with the address associated with the certificate used for signing.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Cryptography "Do not check e-mail address against address of certificates being used" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security Criteria: If the value SupressNameChecks is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Cryptography "Do not check e-mail address against address of certificates being used" to "Enabled".

Additional Identifiers

Rule ID: SV-54066r1_rule

Vulnerability ID: V-26702

Group Title: DTOO320 - Check e-mail address against certificate

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.