Microsoft InfoPath 2013 STIG
Rules, Groups, and Values defined within the XCCDF Benchmark
-
InfoPath email forms in Outlook must be disallowed.
Attackers can send users InfoPath email forms in an attempt to gain access to confidential information. Depending on the level of trust of the forms, it might also be possible to gain access to oth...Rule Medium Severity -
DTOO296 - Managed code from the Internet
Group -
DTOO297 - A form is digitally signed
Group -
A form that is digitally signed must be displayed with a warning.
This setting controls whether or not the user sees a dialog box when opening Microsoft InfoPath forms containing digitally signed content. By default, InfoPath shows the user a warning message when...Rule Medium Severity -
DTOO309 - APTCA Assembly Allow List Enforcement
Group -
The InfoPath APTCA Assembly Allowable List must be enforced.
InfoPath 2013 forms' business logic can only call into Global Assembly Cache (GAC) assemblies listed in the APTCA Assembly Allowable List. If this configuration is changed, forms can call into any ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules