Microsoft Office System 2013 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The Help Improve Proofing Tools feature for Office must be configured.
<VulnDiscussion>The "Help Improve Proofing Tools" feature collects data about use of the Proofing Tools, such as additions to the custom dict...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
A mix of policy and user locations for Office Products must be disallowed.
<VulnDiscussion>When Microsoft Office files are opened from trusted locations, all the content in the files is enabled and active. Users are ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Smart Documents use of Manifests in Office must be disallowed.
<VulnDiscussion>An XML expansion pack is the group of files that constitutes a Smart Document in Excel and Word. One or more components that ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Legacy format signatures must be enabled.
<VulnDiscussion>Office applications use the XML-based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 bina...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
External Signature Services Menu for Office must be suppressed.
<VulnDiscussion>Users can select Add Signature Services (from the Signature Line drop-down menu on the Insert tab of the Ribbon in Excel 2013...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Inclusion of document properties for PDF and XPS output must be disallowed.
<VulnDiscussion>If the Microsoft Save as PDF or XPS Add-in for Microsoft Office Programs is installed, document properties are saved as metad...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Blogging entries created from inside Office products must be configured for SharePoint only.
<VulnDiscussion>The blogging feature in Office products enables users to compose blog entries and post them to their blogs directly from Offi...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The Enable Updates and Disable Updates options in the UI must be hidden from users.
<VulnDiscussion>This policy setting allows the user interface (UI) options to enable or disable Office automatic updates to be hidden from us...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
When using the Office Feedback tool, the ability to include a screenshot must be disabled.
<VulnDiscussion>The "Office Feedback" tool, also called "Send-a-Smile", allows a user to click on an icon and send feedback to Microsoft. The...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The ability to run unsecure Office apps must be disabled.
<VulnDiscussion>Unsecure apps for Office, which are apps that have web page or catalog locations that are not SSL-secured (https://), and/or ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.
<VulnDiscussion>This policy setting configures the Office Telemetry Agent to disguise, or obfuscate, certain file properties that are reporte...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The Opt-In Wizard must be disabled.
<VulnDiscussion>The Opt-in Wizard displays the first time users run a 2013 Microsoft Office application, which allows them to opt into Intern...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The Customer Experience Improvement Program for Office must be disabled.
<VulnDiscussion>When users choose to participate in the Customer Experience Improvement Program (CEIP), Office applications automatically sen...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Automatic receiving of small updates to improve reliability must be disallowed.
<VulnDiscussion>Having access to updates, add-ins, and patches on the Office Online website can help users ensure computers are up to date an...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The Internet Fax Feature must be disabled.
<VulnDiscussion>Excel, PowerPoint, and Word users can use the Internet Fax feature to send documents to fax recipients through an Internet fa...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Online content options must be configured for offline content availability.
<VulnDiscussion>The Office 2013 Help system automatically searches MicrosoftOffice.com for content when a computer is connected to the Intern...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The video informing a user about signing into Office365 must be disabled.
<VulnDiscussion>Office 365 is a subscription-based service which offers access to various Microsoft Office applications. Access to Office 36...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The first-run prompt to sign into Office365 must be disabled.
<VulnDiscussion>Office 365 functionality allows users to provide credentials for accessing Office 365 using either their Microsoft Account, o...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The ability to sign into Office365 must be disabled.
<VulnDiscussion>Office 2013 can be configured to prompt users for credentials to Office365 using either their Microsoft Account or the user I...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The ability to automatically hyperlink screenshots within Word, PowerPoint, Excel and Outlook must be disabled.
<VulnDiscussion>The ability to automatically bind hyperlink to a screenshot inserted through the Insert Screenshot tool introduces the possib...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The prompt to save to OneDrive (formerly SkyDrive) must be disabled.
<VulnDiscussion>OneDrive (formerly SkyDrive) is a cloud based storage feature that introduces the capability for users to save documents to l...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Office Presentation Service must be removed as an option for presenting PowerPoint and Word online.
<VulnDiscussion>The Office Presentation Service is a free, public service that allows others to follow along in a web browser. Allowing this...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The Office Feedback tool must be disabled.
<VulnDiscussion>The "Office Feedback" tool, also called "Send-a-Smile", allows a user to click on an icon and send feedback to Microsoft. App...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Roaming settings must be stored locally and not synchronized to the Microsoft Office roaming settings web service.
<VulnDiscussion>Microsoft Office includes the ability to roam settings for specific Office features amongst devices by storing this data in t...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
The ability of the Office Telemetry Agent to periodically upload telemetry data to a shared folder must be disabled.
<VulnDiscussion>Office Telemetry is a new compatibility monitoring framework. When an Office document or solution is loaded, used, closed, or...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.