DTOO279 - Outlook - RPC encryption between Outlook and Exchange server must be enforced.

Information

The remote procedure call (RPC) communication channel between an Outlook client computer and an Exchange server is not encrypted. If a malicious person is able to eavesdrop on the network traffic between Outlook and the server, they might be able to access confidential information.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> Exchange 'Enable RPC encryption' to 'Enabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Outlook_2010_V1R13_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-3(1), CAT|II, CCI|CCI-001967, Rule-ID|SV-33493r1_rule, STIG-ID|DTOO279, Vuln-ID|V-17615

Plugin: Windows

Control ID: 46d5e206a4e30ddfcc12fdf4ba87ab008e85bc7c3835916b6dd94de51aad4a62