Check: O365-OU-000017
Microsoft Office 365 ProPlus STIG:
O365-OU-000017
(in versions v2 r12 through v1 r1)
Title
Level 1 file attachments must be blocked from being delivered. (Cat II impact)
Discussion
This policy setting controls whether Outlook users can demote attachments to Level 2 by using a registry key, which will allow them to save files to disk and open them from that location. Outlook uses two levels of security to restrict access to files attached to email messages or other items. Files with specific extensions can be categorized as Level 1 (users cannot view the file) or Level 2 (users can open the file after saving it to disk). Users can freely open files of types that are not categorized as Level 1 or Level 2. If you enable this policy setting, users can create a list of Level 1 file types to demote to Level 2 by adding the file types to the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level1Remove. If this policy setting is disabled or not configured, users cannot demote Level 1 attachments to Level 2, and the HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level1Remove registry key has no effect.
Check Content
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Security >> Security Form Settings >> Attachment Security >> Remove file extensions blocked as Level 1 is set to "Disabled". Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\microsoft\office\16.0\outlook\security\FileExtensionsRemoveLevel1 If the registry key exists, this is a finding.
Fix Text
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Security >> Security Form Settings >> Attachment Security >> Remove file extensions blocked as Level 1 to "Disabled".
Additional Identifiers
Rule ID: SV-223362r879628_rule
Vulnerability ID: V-223362
Group Title: SRG-APP-000207
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001662 |
The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified. |
Controls
Number | Title |
---|---|
SC-18 (1) |
Identify Unacceptable Code / Take Corrective Actions |