STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft Outlook 2016 Security Technical Implementation Guide

V-228435

CAT II (Medium)

ActiveX One-Off forms must be configured.

Rule ID

SV-228435r961092_rule

STIG

Microsoft Outlook 2016 Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-001170

Discussion

By default, third-party ActiveX controls are not allowed to run in one-off forms in Outlook. You can change this behavior so that Safe Controls (Microsoft Forms 2.0 controls and the Outlook Recipient and Body controls) are allowed in one-off forms, or so that all ActiveX controls are allowed to run.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security "Allow Active X One Off Forms" is set to "Enabled: Load only Outlook Controls".

Procedure: Use the Windows Registry Editor to navigate to the following key: 

HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security

Criteria: If the value AllowActiveXOneOffForms is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security "Allow Active X One Off Forms" to "Enabled: Load only Outlook Controls".