2.5.9.2.1 (L1) Ensure 'PST Null Data on Delete' is set to 'Enabled'

Information

This policy setting controls whether or not Outlook is forced to fully nullify deleted data in users' Personal Folder files (.pst) at the time that the data is deleted.

NOTE: This setting does not apply to (.ost) files generated when Outlook is connected to either Exchange or Exchange Online.

The recommended state for this setting is: Enabled

When a user deletes mail or other items in Outlook, the data is retained in a portion of the PST file until it is purged or overwritten. Attackers could potentially recover the data by using PST recovery tools. Nulling the data at deletion time will impede this.

Solution

To establish the recommended state via configuration profiles, set the following Settings Catalog path to Enabled:

Microsoft Outlook 2016\Miscellaneous\PST Settings\PST Null Data on Delete

Impact:

Forensic analysis and data recovery of items that a user has permanently removed by emptying their Outlook trash bin will be more difficult; such items will need to be recovered by another method, such as a system backup.

See Also

https://workbench.cisecurity.org/benchmarks/15808

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-6

Plugin: Windows

Control ID: 5a5a274bdcfe1b93f6bbecc9e8bc5d9fb535d2d38ac6d1e96cdeb6a0946d89e6