STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Outlook 2016 Security Technical Implementation Guide

V-251872

CAT II (Medium)

Text in Outlook that represents internet and network paths must not be automatically turned into hyperlinks.

Rule ID

SV-251872r961863_rule

STIG

Microsoft Outlook 2016 Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-000366

Discussion

The ability of Outlook to automatically turn text that represents internet and network paths into hyperlinks would allow users to click on those hyperlinks in an email message and access malicious or otherwise harmful websites.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Outlook Options >> "Internet and network path into hyperlinks" is set to "Disabled".

Procedure: Use the Windows Registry Editor to navigate to the following key: 

HKCU\software\policies\Microsoft\office\16.0\outlook\options\autoformat

Criteria: If the value pgrfafo_25_1 is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Outlook Options >> "Internet and network path into hyperlinks" must be set to "Disabled".