Skip to content
Log In

Microsoft Office System 2013 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • A mix of policy and user locations for Office Products must be disallowed.

    When Microsoft Office files are opened from trusted locations, all the content in the files is enabled and active. Users are not notified about any potential risks that might be contained in the fi...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • SRG-APP-000516

    Group
    Show

  • Legacy format signatures must be enabled.

    Office applications use the XML-based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 binary documents. XMLDSIG signatures are not recognized by Office 2003 appli...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • SRG-APP-000516

    Group
    Show

  • Inclusion of document properties for PDF and XPS output must be disallowed.

    If the Microsoft Save as PDF or XPS Add-in for Microsoft Office Programs is installed, document properties are saved as metadata when users save or publish files using the PDF or XPS commands in Ac...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • Blogging entries created from inside Office products must be configured for SharePoint only.

    The blogging feature in Office products enables users to compose blog entries and post them to their blogs directly from Office, without using any additional software. By default, users can post bl...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • SRG-APP-000516

    Group
    Show

  • When using the Office Feedback tool, the ability to include a screenshot must be disabled.

    The "Office Feedback" tool, also called "Send-a-Smile", allows a user to click on an icon and send feedback to Microsoft. The "Office Feedback" Tool must be configured to be disabled. In the event ...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • The ability to run unsecure Office apps must be disabled.

    Unsecure apps for Office, which are apps that have web page or catalog locations that are not SSL-secured (https://), and/or are not in users' Internet zones may allow data to be transmitted/access...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.

    This policy setting configures the Office Telemetry Agent to disguise, or obfuscate, certain file properties that are reported in telemetry data. If this policy setting is enabled, Office Telemetry...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • The Opt-In Wizard must be disabled.

    The Opt-in Wizard displays the first time users run a 2013 Microsoft Office application, which allows them to opt into Internet-based services that will help improve their Office experience, such a...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules