DTOO271 - Automatic download content for email in Safe Senders list must be disallowed.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting controls whether Outlook automatically downloads external content in e-mail from senders in the Safe Senders List or Safe Recipients List. If you enable this policy setting, Outlook automatically downloads content for e-mail from people in Safe Senders and Safe Recipients lists. If you disable this policy setting, Outlook will not automatically download content from external servers for messages sent by people listed in users' Safe Senders Lists or Safe Recipients Lists. Recipients can choose to download external content on a message-by-message basis. If you do not configure this policy setting, downloads are permitted when users receive e-mail from people listed in the user's Safe Senders List or Safe Recipients List.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Automatic Picture Download Settings 'Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists' to 'Disabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Outlook_2016_V2R1_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3), CAT|II, CCI|CCI-000366, Rule-ID|SV-228459r508021_rule, STIG-ID|DTOO271, STIG-Legacy|SV-85863, STIG-Legacy|V-71239, Vuln-ID|V-228459

Plugin: Windows

Control ID: 0715c7cfe0a2ad3fbb15304c0d1a19eeb82d9d27766e1df31b9d4550b354075c