Do not check eMail address against address of certificates being used - Outlook


Overview

Finding ID: V-17677
Version: DTOO263 - Outlook
Rule ID: SV-18850r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
By default, when a user digitally signs a message, Outlook 2007 compares the user's e-mail address with the certificate used for signing. The user's e-mail address must appear in either the Subject field or the Subject Alternative Name field of the certificate, or Outlook will not allow the user to sign the message with that certificate. If this configuration is changed, users can send messages signed with certificates that do not match their e-mail addresses, which could cause problems when the recipient attempts to read the message or verify the signature.
STIG: Microsoft Outlook 2007
Date: 2014-10-03

Details

Check Text (C-18948r1_chk)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography "Do not check e-mail address against address of certificates being used" will be set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security

Criteria: If the value SupressNameChecks is REG_DWORD = 1, this is not a finding.
Fix Text (F-17575r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography "Do not check e-mail address against address of certificates being used" will be set to "Enabled".
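The check and fix above, as an added PowerShell example that is not part of the STIG text: it evaluates the criteria (SupressNameChecks present as REG_DWORD = 1 under the listed HKCU policy key is not a finding; a missing key, missing value, wrong type or other value is open) and, if asked, writes the same registry value the policy setting produces. The function names Test-DTOO263 and Set-DTOO263 are this example's own; in a domain the value would normally be managed by the Group Policy setting rather than written directly.

```powershell
# Added example for V-17677 / DTOO263 (Outlook 2007). Key path and value name are
# taken from the check text; the value name spelling "SupressNameChecks" is as used by Outlook.
$KeyPath   = 'HKCU:\Software\Policies\Microsoft\Office\12.0\Outlook\Security'
$ValueName = 'SupressNameChecks'

function Test-DTOO263 {
    # Returns an object with Status ('NotAFinding' or 'Open'), a Reason, and the observed value.
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        return [PSCustomObject]@{ Status = 'Open'; Reason = "Key $KeyPath does not exist (policy not configured)"; Value = $null }
    }
    if ($key.GetValueNames() -notcontains $ValueName) {
        return [PSCustomObject]@{ Status = 'Open'; Reason = "$ValueName is not present under $KeyPath"; Value = $null }
    }
    $kind  = $key.GetValueKind($ValueName)
    $value = $key.GetValue($ValueName)
    # Criteria from the check text: REG_DWORD = 1 is not a finding; anything else is open.
    if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $value -eq 1) {
        return [PSCustomObject]@{ Status = 'NotAFinding'; Reason = "$ValueName is REG_DWORD = 1"; Value = $value }
    }
    return [PSCustomObject]@{ Status = 'Open'; Reason = "$ValueName is $kind = $value, expected REG_DWORD = 1"; Value = $value }
}

function Set-DTOO263 {
    # Applies the fix by writing the registry value the policy setting maps to.
    # Creates the policy key if it does not exist yet.
    if (-not (Test-Path -Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

# Report the current state for the logged-on user; run Set-DTOO263 to remediate.
$result = Test-DTOO263
"DTOO263 (V-17677): $($result.Status) - $($result.Reason)"
```

Run it in the context of the user whose Outlook profile is being checked, since the key lives in HKCU.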