Microsoft InfoPath 2010 STIG
Rules, Groups, and Values defined within the XCCDF Benchmark
-
DTOO294 - E-mail forms from the Intranet
Group -
DTOO295 - InfoPath e-mail forms in Outlook
Group -
InfoPath e-mail forms in Outlook must be disallowed.
Attackers can send users InfoPath e-mail forms in an attempt to gain access to confidential information. Depending on the level of trust of the forms, it might also be possible to gain access to o...Rule Medium Severity -
DTOO296 - Managed code from the Internet
Group -
DTOO297 - A form is digitally signed
Group -
A form that is digitally signed must be displayed with a warning.
This setting controls whether the user sees a dialog box when opening Microsoft InfoPath forms containing digitally signed content. By default, InfoPath shows the user a warning message when the fo...Rule Medium Severity -
DTOO309 - APTCA Assembly Allow List Enforcement
Group -
The InfoPath APTCA Assembly Allowable List must be enforced.
InfoPath 2010 forms' business logic can only call into Global Assembly Cache (GAC) assemblies listed in the APTCA Assembly Allowable List. If this configuration is changed, forms can call into any...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules