Skip to content

Microsoft InfoPath 2010 STIG

Rules, Groups, and Values defined within the XCCDF Benchmark

  • DTOO295 - InfoPath e-mail forms in Outlook

    <GroupDescription></GroupDescription>
    Group
  • InfoPath e-mail forms in Outlook must be disallowed.

    &lt;VulnDiscussion&gt;Attackers can send users InfoPath e-mail forms in an attempt to gain access to confidential information. Depending on the le...
    Rule Medium Severity
  • DTOO296 - Managed code from the Internet

    <GroupDescription></GroupDescription>
    Group
  • Disabling opening forms with managed code from the Internet security zone must be configured.

    &lt;VulnDiscussion&gt;When InfoPath solutions are opened locally, the location of the form is checked so that updates to the form can be downloaded...
    Rule Medium Severity
  • DTOO297 - A form is digitally signed

    <GroupDescription></GroupDescription>
    Group
  • A form that is digitally signed must be displayed with a warning.

    &lt;VulnDiscussion&gt;This setting controls whether the user sees a dialog box when opening Microsoft InfoPath forms containing digitally signed co...
    Rule Medium Severity
  • DTOO309 - APTCA Assembly Allow List Enforcement

    <GroupDescription></GroupDescription>
    Group
  • The InfoPath APTCA Assembly Allowable List must be enforced.

    &lt;VulnDiscussion&gt;InfoPath 2010 forms' business logic can only call into Global Assembly Cache (GAC) assemblies listed in the APTCA Assembly Al...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules