DTOO268 - Outlook - Missing Root Certificates warning must be enforced.

Information

When Outlook accesses a certificate, it validates that it can trust the certificate by examining the root certificate of the issuing CA. If the root certificate can be trusted, then certificates issued by the CA can also be trusted. If Outlook cannot find the root certificate, it cannot validate that any certificates issued by that CA can be trusted. An attacker may compromise a root certificate and then remove the certificate in an attempt to conceal the attack. By default, Outlook displays a warning message when a CRL is not available.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography -> Signature Status dialog box 'Missing root certificates' to 'Enabled (Error)'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Outlook_2010_V1R13_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(a), CAT|II, CCI|CCI-000185, Rule-ID|SV-33574r2_rule, STIG-ID|DTOO268, Vuln-ID|V-17756

Plugin: Windows

Control ID: 35ab8f117fe2fd36e975974176af3492ebe513fea81dd9a4faab1d87eae83d90