Microsoft Excel 2010
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Corrupt workbook options must be disallowed.
<VulnDiscussion>This setting controls whether Excel presents users with a list of data extraction options before beginning an Open and Repair...Rule Medium Severity -
All automatic loading from Trusted Locations must be disabled.
<VulnDiscussion>Trusted locations specified in the Trust Center are used to define file locations assumed to be safe. Content, code, and add-...Rule Medium Severity -
DTOO142 - Force Scan Encr. Macros in open XML
<GroupDescription></GroupDescription>Group -
Force encrypted macros to be scanned in open XML documents must be determined and configured.
<VulnDiscussion>When an Office Open XML document (Word, Excel, and PowerPoint) is rights-managed, or password-protected, any macros embedded ...Rule Medium Severity -
DTOO134 - Trusted locations on computer
<GroupDescription></GroupDescription>Group -
Disallowance of Trusted Locations on the network must be enforced.
<VulnDiscussion>Files located in Trusted Locations and specified in the Trust Center are assumed to be safe. Content, code, and add-ins are a...Rule Medium Severity -
DTOO139 - Save files default format
<GroupDescription></GroupDescription>Group -
Save files default format must be configured.
<VulnDiscussion>When users create new Excel files, Excel 2010 saves them in the new *.xlsx format. Ensure this setting is enabled to specify ...Rule Medium Severity -
DTOO146-Disable Trust access to VB Project Macros
<GroupDescription></GroupDescription>Group -
Trust access for VBA must be disallowed.
<VulnDiscussion>VSTO projects require access to the Visual Basic for Applications project system in Excel, PowerPoint, and Word, even though ...Rule Medium Severity -
DTOO304 - VBA Macro Warning settings
<GroupDescription></GroupDescription>Group -
DTOO119 - Turn off file validation
<GroupDescription></GroupDescription>Group -
Warning Bar settings for VBA macros must be configured.
<VulnDiscussion>When users open files containing VBA Macros, applications open the files with the macros disabled and displays the Trust Bar ...Rule Medium Severity -
DTOO143 - Force File Extension to match type
<GroupDescription></GroupDescription>Group -
File types must be configured to provide mismatch warnings.
<VulnDiscussion>Excel can load files with extensions that do not match the files' type. For example, if a comma-separated values (CSV) file n...Rule Medium Severity -
DTOO138 - Internet and Network Path hyperlinks
<GroupDescription></GroupDescription>Group -
Internet links and Network UNCs created as embedded hyperlinks must be prevented.
<VulnDiscussion>When users type a string of characters, Excel recognizes as a Uniform Resource Locator (URL) or Uniform Naming Convention (UN...Rule Medium Severity -
DTOO140 - Disable AutoRepublish
<GroupDescription></GroupDescription>Group -
Automatic republish to web pages must be disallowed.
<VulnDiscussion>If users choose to publish Excel data to a static Web page and enable the AutoRepublish feature, Excel saves a copy of the da...Rule Medium Severity -
DTOO150 - Automatic Link Updates
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.