DTOO237 – The remember password for internet e-mail accounts must be disabled.

Details

Use this option to hide your user’s ability to cache passwords locally in the computer’s registry. When configured, this policy will hide the ‘Remember Password’ checkbox and not allow users to have Outlook remember their password. Note that POP3, IMAP, and HTTP e-mail accounts are all considered Internet e-mail accounts in Outlook. E-mail account options are listed on the Server Type dialog box when users choose ‘New’ under Tools | Account Settings.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security ‘Disable ‘Remember password’ for Internet e-mail accounts’ to ‘Enabled’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Outlook_2016_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.

References

800-53|IA-5(13)
CAT|II
CCI|CCI-002007
Rule-ID|SV-228437r508021_rule
STIG-ID|DTOO237
STIG-Legacy|SV-85777
STIG-Legacy|V-71153
Vuln-ID|V-228437

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles