Require SuiteB algorithms for S/MIME operations

This policy setting determines whether Outlook is required to use NSA Suite B algorithms for S/MIME operations. Outlook implements Suite B, a set of cryptographic algorithms for symmetric encryption, hashing, digital signatures, and key exchange announced in 2005 by the National Security Agency (NSA), a division of the United States Department of Defense. The Suite B protocols can be used to meet U.S. government standards for handling both classified and unclassified information.

If you enable this policy setting, Outlook uses only Suite B algorithms for S/MIME operations. The Suite B algorithms are as follows:

- Symmetric encryption. Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits.

- Message digest. Secure Hash Algorithm (SHA-256 and SHA-384).

- Key agreement. Elliptic-Curve Menezes-Qu-Vanstone (ECMQV); Elliptic Curve Diffie-Hellman (ECDH).

- Digital Signatures. Elliptic-Curve Digital Signature Algorithm (ECDSA).

If you disable or do not configure this policy setting, Outlook can use any available algorithm for S/MIME operations, such as encryption, signing, and so on.

Note - For more information about Suite B, see "Fact Sheet NSA Suite B Cryptography"

Supported on: At least Windows 7

Registry Pathsoftware\policies\microsoft\office\16.0\outlook\security
Value Namesuitebmode
Enabled Value1
Disabled Value0


Administrative Templates (Computers)

Administrative Templates (Users)