Title

The remember password for internet e-mail accounts must be disabled. (Cat II impact)

Discussion

Use this option to hide your user's ability to cache passwords locally in the computer's registry. When configured, this policy will hide the 'Remember Password' checkbox and not allow users to have Outlook remember their password. Note that POP3, IMAP, and HTTP e-mail accounts are all considered Internet e-mail accounts in Outlook. E-mail account options are listed on the Server Type dialog box when users choose 'New' under Tools | Account Settings.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security "Disable 'Remember password' for Internet e-mail accounts" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security Criteria: If the value EnableRememberPwd is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security "Disable 'Remember password' for Internet e-mail accounts" to "Enabled".

Additional Identifiers

Rule ID: SV-228437r508021_rule

Vulnerability ID: V-228437

Group Title: SRG-APP-000400

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.