Microsoft InfoPath 2013 STIG
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disabling email forms running in Restricted Security Level must be configured.
InfoPath forms running with the restricted security level, can only access data stored on the forms. However, a malicious user could still send an email form running with the restricted security le...Rule Medium Severity -
Disabling sending form templates with the email forms must be configured.
InfoPath allows users to attach form templates when sending email forms. If users are able to open form templates included with email forms, rather than using a cached version that is previously pu...Rule Medium Severity -
Beaconing UI shown for opened forms must be configured.
Malicious users can create InfoPath forms with embedded Web beacons that can be used to contact an external server when the user opens the form. Information could be gathered by the form, or inform...Rule Medium Severity -
Unsafe file types must be prevented from being attached to InfoPath forms.
Users can attach any type of file to forms except potentially unsafe files that might contain viruses, such as .bat or .exe files. For the full list of file types that InfoPath disallows by default...Rule Medium Severity -
Disabling opening forms with managed code from the Internet security zone must be configured.
When InfoPath solutions are opened locally, the location of the form is checked so that updates to the form can be downloaded. If a user saves a form locally from a location on the Internet and the...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules