Microsoft office system 2013 stig free. STIG Viewer 2.x User Guide
Overview Version Date Finding Count 47 Downloads 2 Available Profiles. Allowing online presentations to be created programmatically allows for the capability of malicious content to become imbedded in those programmatically created presentations. V Medium Document metadata for password protected files must be protected. When an Office Open XML document is protected with a password and saved, any metadata associated with the document is encrypted along with the rest of the document’s contents.
If this V Medium Online content options must be configured for offline content availability. The Office Help system automatically searches MicrosoftOffice. Users can change this default by clearing the Search Microsoft Excel, PowerPoint, and Word users can use the Internet Fax feature to send documents to fax recipients through an Internet fax service provider. If your organization has policies that govern the V Medium Automatic receiving of small updates to improve reliability must be disallowed.
Having access to updates, add-ins, and patches on the Office Online website can help users ensure computers are up to date and equipped with the latest security patches. However, to ensure updates The Opt-in Wizard displays the first time users run a Microsoft Office application, which allows them to opt into Internet-based services that will help improve their Office experience, such When users choose to participate in the Customer Experience Improvement Program CEIP , Office applications automatically send information to Microsoft about how the applications are used.
This policy setting allows the user interface UI options to enable or disable Office automatic updates to be hidden from users. These options are found in the Product Information area of all V Medium When using the Office Feedback tool, the ability to include a screenshot must be disabled. The “Office Feedback” tool, also called “Send-a-Smile”, allows a user to click on an icon and send feedback to Microsoft. The “Office Feedback” Tool must be configured to be disabled.
In the event V Medium The ability to run unsecure Office apps must be disabled. V Medium The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder. This policy setting configures the Office Telemetry Agent to disguise, or obfuscate, certain file properties that are reported in telemetry data. If this policy setting is enabled, Office V Medium Legacy format signatures must be enabled.
V Medium Blogging entries created from inside Office products must be configured for SharePoint only. The blogging feature in Office products enables users to compose blog entries and post them to their blogs directly from Office, without using any additional software.
By default, users can post This configuration could allow This policy setting allows a document’s properties to be encrypted. Disabling this V Medium Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site.
This policy setting controls whether the Office automatic updates are enabled or disabled for all Office products installed via Click-to-Run. This policy has no effect on Office products installed V Medium Automation Security to enforce macro level security in Office documents must be configured. When a separate program is used to launch Microsoft Office Excel, PowerPoint, or Word programmatically, any macros can run in the programmatically opened application without being blocked.
Office Telemetry is a new compatibility monitoring framework. When an Office document or solution is loaded, used, closed, or raises an error in certain Office applications, the Office V Medium Documents must be configured to not open as Read Write when browsing.
By default, when an Office document on a web server is opened using Internet Explorer, the appropriate application opens the file in read-only mode. However, if the default configuration is V Medium Roaming settings must be stored locally and not synchronized to the Microsoft Office roaming settings web service.
Microsoft Office includes the ability to roam settings for specific Office features amongst devices by storing this data in the cloud. This data includes user activity such as the list of most V Medium The ability of the Office Telemetry Agent to periodically upload telemetry data to a shared folder must be disabled.
If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Microsoft Office application files can be encrypted and V Medium The encryption type for password protected Office 97 thru Office must be set. OneDrive formerly SkyDrive is a cloud based storage feature that introduces the capability for users to save documents to locations outside of protected enclaves.
This feature introduces the The ability to automatically bind hyperlink to a screenshot inserted through the Insert Screenshot tool introduces the possibility of a malicious URL or website being imbedded in the Word, V Medium The ability to sign into Office must be disabled. Office can be configured to prompt users for credentials to Office using either their Microsoft Account or the user ID assigned by an organization for accessing Office Access to V Medium The first-run prompt to sign into Office must be disabled.
Office functionality allows users to provide credentials for accessing Office using either their Microsoft Account, or the user ID assigned by the organization. Access to Office will V Medium The video informing a user about signing into Office must be disabled. Office is a subscription-based service which offers access to various Microsoft Office applications. Access to Office will not be permitted; only locally installed and configured Office V Medium A mix of policy and user locations for Office Products must be disallowed.
When Microsoft Office files are opened from trusted locations, all the content in the files is enabled and active. Users are not notified about any potential risks that might be contained in the This policy setting controls whether users see a security warning when they open custom Document Information Panels that contain a web beaconing threat.
Web beacons can be used to contact an V Medium Hyperlink warnings for Office must be configured for use.
Unsafe hyperlinks are links that might pose a security risk if users click them. Clicking an unsafe link could compromise the security of sensitive information or harm the computer. Links that The “Help Improve Proofing Tools” feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft.
After about six months, the feature V Medium Office client polling of SharePoint servers published links must be disabled. Users of Office applications can see and use links to Microsoft Office SharePoint Server sites from those applications. Administrators configure published links to Office applications during One or more components that provide the logic needed for a Smart Document are packaged by using an V Medium The Office Feedback tool must be disabled. Applications used by DoD users should not be able to provide feedback to The Office Presentation Service is a free, public service that allows others to follow along in a web browser.
V Medium Trust Bar notifications for Security messages must be enforced. The Message Bar in Office applications is used to identify security issues, such as unsigned macros or potentially unsafe add-ins. When such issues are detected, the application disables the V Medium Passwords for secured documents must be enforced. If Office users add passwords to documents, other users can be prevented from opening the documents. This capability can provide an extra level of protection to documents already protected by V Medium Users must be prevented from using or inserting apps that come from the Office Store.
This policy setting allows users to be prevented from using or inserting apps that come from the Office Store. If this policy setting is enabled, apps from the Office Store are blocked. V Medium Load controls in forms3 must be disabled from loading.
ActiveX controls can access the local file system and change the registry settings of V Medium Office must be configured to not allow read with browsers. The Windows Rights Management Add-on for Internet Explorer provides a way for users who do not use the Office release to view, but not alter, files with restricted permissions. By default, V Medium Changing permissions on rights managed content for users must be enforced. This setting controls whether Office users can change permissions for content that is protected with Information Rights Management IRM.
The Information Rights Management feature of Office V Medium ActiveX control initialization must be disabled. ActiveX controls can adversely affect a computer directly.
Microsoft Office System STIG
Может быть, все это чепуха, – сказала Мидж, – но в статистических данных по шифровалке вдруг вылезло что-то несуразное. Я надеюсь, что ты мне все объяснишь. – В чем же проблема? – Джабба сделал глоток своей жгучей приправы.
STIGs Document Library – DoD Cyber Exchange
When a separate program is used to launch Microsoft Office Excel, PowerPoint, or Word programmatically, any macros can run in the programmatically opened application without being blocked. When such issues are detected, the application disables the Implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems: 1. Using Webmail. Offline Audit Tool Version 3.