← Back to Microsoft Outlook 2016 Security Technical Implementation Guide

V-228437

CAT II (Medium)

The remember password for internet e-mail accounts must be disabled.

Rule ID

SV-228437r961521_rule

STIG

Microsoft Outlook 2016 Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-002007

Discussion

Use this option to hide your user's ability to cache passwords locally in the computer's registry. When configured, this policy will hide the 'Remember Password' checkbox and not allow users to have Outlook remember their password. Note that POP3, IMAP, and HTTP e-mail accounts are all considered Internet e-mail accounts in Outlook. E-mail account options are listed on the Server Type dialog box when users choose 'New' under Tools | Account Settings.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security "Disable 'Remember password' for Internet e-mail accounts" is set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key: 

HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security

Criteria: If the value EnableRememberPwd is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security "Disable 'Remember password' for Internet e-mail accounts" to "Enabled".