Microsoft Office System 2013 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Automation Security to enforce macro level security in Office documents must be configured.
When a separate program is used to launch Microsoft Office Excel, PowerPoint, or Word programmatically, any macros can run in the programmatically opened application without being blocked. This fun...Rule Medium Severity -
The encryption type for password protected Open XML files must be set.
If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Microsoft Office application files can be encrypted and password...Rule Medium Severity -
Passwords for secured documents must be enforced.
If 2013 Office users add passwords to documents, other users can be prevented from opening the documents. This capability can provide an extra level of protection to documents already protected by ...Rule Medium Severity -
Trust Bar notifications for Security messages must be enforced.
The Message Bar in Office applications is used to identify security issues, such as unsigned macros or potentially unsafe add-ins. When such issues are detected, the application disables the unsafe...Rule Medium Severity -
Users must be prevented from using or inserting apps that come from the Office Store.
This policy setting allows users to be prevented from using or inserting apps that come from the Office Store. If this policy setting is enabled, apps from the Office Store are blocked. If this pol...Rule Medium Severity -
Connection verification of permissions must be enforced.
Users are not required to connect to the network to verify permissions. If users do not need their licenses confirmed when attempting to open Office documents, they might be able to access document...Rule Medium Severity -
ActiveX control initialization must be disabled.
ActiveX controls can adversely affect a computer directly. In addition, malicious code can be used to compromise an ActiveX control and attack a computer. To indicate the safety of an ActiveX contr...Rule Medium Severity -
Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site.
This policy setting controls whether the Office automatic updates are enabled or disabled for all Office products installed via Click-to-Run. This policy has no effect on Office products installed ...Rule Medium Severity -
SRG-APP-000516
Group -
SRG-APP-000516
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.