Check: DTOO240
Microsoft Outlook 2013 STIG:
DTOO240
(in versions v1 r13 through v1 r9)
Title
The ability to display level 1 attachments must be disallowed. (Cat II impact)
Discussion
To protect users from viruses and other harmful files, Outlook uses two levels of security, designated Level 1 and Level 2, to restrict access to files attached to email messages or other items. Potentially harmful files can be classified into these two levels by file type extension, with all other file types considered safe. By default, Outlook completely blocks access to Level 1 files, and requires users to save Level 2 files to disk before opening them. If this configuration is changed, users will be able to open and execute potentially dangerous attachments, which can affect their computers or compromise the confidentiality, integrity, or availability of data.
Check Content
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Security Form Settings -> Attachment Security "Display Level 1 attachments" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security Criteria: If the value ShowLevel1Attach is REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Security Form Settings -> Attachment Security "Display Level 1 attachments" to "Disabled".
Additional Identifiers
Rule ID: SV-53941r1_rule
Vulnerability ID: V-17671
Group Title: DTOO240 - Level 1 Attachments
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001662 |
The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified. |
Controls
Number | Title |
---|---|
SC-18 (1) |
Identify Unacceptable Code / Take Corrective Actions |