DTOO314 - Default message format must be set to use Plain Text.

Information

Outlook uses HTML as the default email format. HTML format poses a security risk because it embeds information in the email itself, which could allow the release of sensitive information. If a user inserts an HTML link into an email message, the link may direct to a malicious website. A recipient of a message sent in that format could then be infected by that website.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Mail Format -> Internet Formatting -> Message Format 'Set message format' to 'Enabled: Plain Text'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Outlook_2013_V1R14_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-242737r961863_rule, STIG-ID|DTOO314, STIG-Legacy|SV-54062, STIG-Legacy|V-26634, Vuln-ID|V-242737

Plugin: Windows

Control ID: 43c5b6e9b4d5711bfdf85d4de2684a8bb8caebdcee29612b8f670d83e3e77586