Microsoft Office 365 ProPlus Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
Encrypted macros in PowerPoint Open XML presentations must be scanned.
<VulnDiscussion>This policy setting controls whether encrypted macros in Open XML presentations are required to be scanned with anti-virus so...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
File validation in PowerPoint must be enabled.
<VulnDiscussion>This policy setting allows you to turn off the file validation feature. If you enable this policy setting, file validation wi...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
Macros from the Internet must be blocked from running in PowerPoint.
<VulnDiscussion>This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this p...Rule Medium Severity -
SRG-APP-000131
<GroupDescription></GroupDescription>Group -
Unsigned add-ins in PowerPoint must be blocked with no Trust Bar Notification to the user.
<VulnDiscussion>This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are lo...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
Files downloaded from the Internet must be opened in Protected view in PowerPoint.
<VulnDiscussion>This policy setting allows you to determine if files downloaded from the Internet zone open in Protected View. If you enable ...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
PowerPoint attachments opened from Outlook must be in Protected View.
<VulnDiscussion>This policy setting allows for determining whether PowerPoint files in Outlook attachments open in Protected View. If enablin...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
Files in unsafe locations must be opened in Protected view in PowerPoint.
<VulnDiscussion>This policy setting determines whether files located in unsafe locations will open in Protected View. If unsafe locations hav...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
If file validation fails, files must be opened in Protected view in PowerPoint with ability to edit disabled.
<VulnDiscussion>This policy setting controls how Office handles documents when they fail file validation. If you enable this policy setting, ...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
The use of network locations must be ignored in PowerPoint.
<VulnDiscussion>This policy setting controls whether trusted locations on the network can be used. If you enable this policy setting, users c...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
Publisher must be configured to prompt the user when another application programmatically opens a macro.
<VulnDiscussion>This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are lo...Rule Medium Severity -
SRG-APP-000131
<GroupDescription></GroupDescription>Group -
Publisher must automatically disable unsigned add-ins without informing users.
<VulnDiscussion>This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are lo...Rule Medium Severity -
SRG-APP-000131
<GroupDescription></GroupDescription>Group -
Publisher must disable all unsigned VBA macros.
<VulnDiscussion>This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are pr...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
VBA Macros not digitally signed must be blocked in Visio.
<VulnDiscussion>This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are pr...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
Trusted Locations on the network must be disabled in Visio.
<VulnDiscussion>This policy setting controls whether trusted locations on the network can be used. If you enable this policy setting, users ...Rule Medium Severity -
SRG-APP-000131
<GroupDescription></GroupDescription>Group -
Visio must automatically disable unsigned add-ins without informing users.
<VulnDiscussion>This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are lo...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
Visio 2000-2002 Binary Drawings, Templates and Stencils must be blocked.
<VulnDiscussion>This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
Visio 2003-2010 Binary Drawings, Templates and Stencils must be blocked.
<VulnDiscussion>This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
Visio 5.0 or earlier Binary Drawings, Templates and Stencils must be blocked.
<VulnDiscussion>This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
Macros must be blocked from running in Visio files from the Internet.
<VulnDiscussion>This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this ...Rule Medium Severity -
SRG-APP-000131
<GroupDescription></GroupDescription>Group -
Word must automatically disable unsigned add-ins without informing users.
<VulnDiscussion>This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are lo...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
In Word, encrypted macros must be scanned.
<VulnDiscussion>This policy setting controls whether encrypted macros in Open XML documents be are required to be scanned with anti-virus sof...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
Files downloaded from the Internet must be opened in Protected view in Word.
<VulnDiscussion>This policy setting allows you to determine if files downloaded from the Internet zone open in Protected View. If you enable...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
Files located in unsafe locations must be opened in Protected view in Word.
<VulnDiscussion>This policy setting lets you determine if files located in unsafe locations will open in Protected View. If you have not spec...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
If file validation fails, files must be opened in Protected view in Word with ability to edit disabled.
<VulnDiscussion>This policy setting controls how Office handles documents when they fail file validation. If you enable this policy setting...Rule Medium Severity -
SRG-APP-000207
<GroupDescription></GroupDescription>Group -
Word attachments opened from Outlook must be in Protected View.
<VulnDiscussion>This policy setting allows you to determine if Word files in Outlook attachments open in Protected View. If you enable this ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.