Microsoft InfoPath 2010 STIG
Rules, Groups, and Values defined within the XCCDF Benchmark
-
DTOO172 - EMail forms from Internet Zone
Group -
Disabling email forms from the Internet Security Zone must be configured.
InfoPath e-mail forms can be designed by an external attacker and sent over the Internet as part of a phishing attempt. Users might fill out such forms and provide sensitive information to the atta...Rule Medium Severity -
DTOO171 - EMail forms in Restricted Security
Group -
DTOO159 - Fully trusted solutions access
Group -
DTOO158 - Solutions from the Internet Zone
Group -
Disabling the opening of solutions from the Internet Security Zone must be configured.
Attackers could use InfoPath solutions published to Internet Web sites to try to obtain sensitive information from users. By default, users can open InfoPath solutions that do not contain managed c...Rule Medium Severity -
DTOO168 - Sending templates with email form
Group -
Disabling sending form templates with the email forms must be configured.
InfoPath allows users to attach form templates when sending e-mail forms. If users are able to open form templates included with e-mail forms, rather than using a cached version that is previously ...Rule Medium Severity -
DTOO170 - 2003 forms as email
Group -
InfoPath 2003 forms as email forms in InfoPath 2010 must be disallowed.
An attacker might target InfoPath 2003 forms to try and compromise an organization's security. InfoPath 2003 did not write a published location for e-mail forms, which means forms could open withou...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.