Details

This policy setting controls whether Outlook users can publish e-mail certificates to the Global Address List (GAL).

If you enable this policy setting, the ‘Publish to GAL’ button does not display in the ‘E-mail Security’ section of the Trust Center.

If you disable or do not configure this policy setting, Outlook users can publish their e-mail certificates to the GAL through the ‘E-mail Security’ section of the Trust Center. The recommended state for this setting is: Enabled.

Rationale:

By default, Outlook users can publish their e-mail certificates to the GAL through the E-mail Security section of the Trust Center. If your organization has policies that govern the use of digital certificates for signing and encrypting e-mail messages, allowing users to publish certificates might violate those policies.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled.

User ConfigurationAdministrative TemplatesMicrosoft Outlook 2013SecurityCryptographyDo not display ‘Publish to GAL’ button

Impact:

Enabling this setting prevents Outlook users from publishing their e-mail certificates to the GAL. Users who need to publish a new or updated certificate will have to contact an administrator.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/552

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-7b.

Source

• Tenable.com/audits