Policy
Require SuiteB algorithms for S/MIME operations
Microsoft Office
Policy overview
Key metadata and intent for this policy.
This policy setting determines whether Outlook is required to use NSA Suite B algorithms for S/MIME operations. Outlook implements Suite B, a set of cryptographic algorithms for symmetric encryption, hashing, digital signatures, and key exchange announced in 2005 by the National Security Agency (NSA), a division of the United States Department of Defense. The Suite B protocols can be used to meet U.S. government standards for handling both classified and unclassified information. If you enable this policy setting, Outlook uses only Suite B algorithms for S/MIME operations. The Suite B algorithms are as follows: - Symmetric encryption. Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits. - Message digest. Secure Hash Algorithm (SHA-256 and SHA-384). - Key agreement. Elliptic-Curve Menezes-Qu-Vanstone (ECMQV); Elliptic Curve Diffie-Hellman (ECDH). - Digital Signatures. Elliptic-Curve Digital Signature Algorithm (ECDSA). If you disable or do not configure this policy setting, Outlook can use any available algorithm for S/MIME operations, such as encryption, signing, and so on. Note - For more information about Suite B, see "Fact Sheet NSA Suite B Cryptography" http://www.nsa.gov/ia/industry/crypto_suite_b.cfm.
Registry values
How enabled and disabled states update the registry.
| Scope | Registry location | Type | Enabled value | Disabled value | Copy |
|---|---|---|---|---|---|
| User | Path software\policies\microsoft\office\16.0\outlook\security Value name suitebmode | REG_DWORD | HKCU 1 | HKCU 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.