
Microsoft Office System 2010 STIG

Rules, Groups, and Values defined within the XCCDF Benchmark

  • DTOO191-ActiveX Control Initialization for Office

    Group
  • ActiveX control initialization must be disabled.

    ActiveX controls can adversely affect a computer directly. In addition, malicious code can be used to compromise an ActiveX control and attack a computer. To indicate the safety of an ActiveX contr...
    Rule Medium Severity
  • Blogging entries created from inside Office products must be configured for SharePoint only.

    The blogging feature in Office products enables users to compose blog entries and post them to their blogs directly from Office, without using any additional software. By default, users can post bl...
    Rule Medium Severity
  • The Customer Experience Improvement Program for Office must be disabled.

    When users choose to participate in the Customer Experience Improvement Program (CEIP), Office applications automatically send information to Microsoft about how the applications are used. This inf...
    Rule Medium Severity
  • The Help Improve Proofing Tools feature for Office must be configured.

    The Help Improve Proofing Tools feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature sto...
    Rule Medium Severity
  • Inclusion of document properties for PDF and XPS output must be disallowed.

    If the Microsoft Save as PDF or XPS Add-in for Microsoft Office Programs add-in is installed, document properties are saved as metadata when users save files using the PDF or XPS or Publish as PDF ...
    Rule Medium Severity
  • Microsoft Passport Service for content must be disallowed.

    This controls whether users can open protected content created with a Windows Live ID (formerly Microsoft .NET Passport) authenticated account. If your organization has policies that govern acces...
    Rule Medium Severity
  • Smart Documents use of Manifests in Office must be disallowed.

    An XML expansion pack is the group of files that constitutes a Smart Document in Excel and Word. You package one or more components that provide the logic needed for a Smart Document by using an XM...
    Rule Medium Severity
  • Automatic receiving of small updates to improve reliability must be disallowed.

    Office Diagnostics is used to improve the user experience by periodically downloading a small file to the computer with updated help information about specific problems. If Office Diagnostics is en...
    Rule Medium Severity
  • Legacy format signatures must be enabled.

    Office applications use the XML–based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 binary documents. XMLDSIG signatures are not recognized by Office 2003 appli...
    Rule Medium Severity
  • Load controls in forms3 must be disabled from loading.

    ActiveX controls are Component Object Model (COM) objects and have unrestricted access to users' computers. ActiveX controls can access the local file system and change the registry settings of the...
    Rule Medium Severity
  • Changing permissions on rights managed content for users must be enforced.

    This setting controls whether Office 2010 users can change permissions for content that is protected with Information Rights Management (IRM). The Information Rights Management feature of Office ...
    Rule Medium Severity
  • Document metadata for password protected files must be protected.

    When an Office Open XML document is protected with a password and saved, any metadata associated with the document is encrypted along with the rest of the document's contents. If this configuration...
    Rule Medium Severity
  • Vector Markup Language (VML) for displaying graphics in browsers must be disallowed.

    When saving documents as Web pages, Excel, PowerPoint, and Word can save vector–based graphics in Vector Markup Language (VML), which enables Internet Explorer to display them smoothly at any resol...
    Rule Medium Severity
  • Key Usage Filtering must be allowed.

    This policy setting allows you to filter a list of digital certificates for signing Excel, PowerPoint, and Word documents, based on the Key Usage field. The Key Usage field in a certificate is used...
    Rule Medium Severity
  • DTOO196 - Mix of Policy and User Locations

    Group
  • A mix of policy and user locations for Office Products must be disallowed.

    When Microsoft Office files are opened from trusted locations, all the content in the files is enabled and active. Users are not notified about any potential risks that might be contained in the fi...
    Rule Medium Severity
  • DTOO212 - Control Blogging

    Group
  • DTOO200 - Allow users to read with browsers

    Group
  • Office must be configured to not allow read with browsers.

    The Windows Rights Management Add-on for Internet Explorer provides a way for users who do not use the 2010 Office release to view, but not alter, files with restricted permissions. By default, IRM...
    Rule Medium Severity
