Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft InfoPath 2010 STIG
DTOO172 - EMail forms from Internet Zone
DTOO172 - EMail forms from Internet Zone
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
DTOO172 - EMail forms from Internet Zone
1 Rule
<GroupDescription></GroupDescription>
Disabling email forms from the Internet Security Zone must be configured.
Medium Severity
<VulnDiscussion>InfoPath e-mail forms can be designed by an external attacker and sent over the Internet as part of a phishing attempt. Users might fill out such forms and provide sensitive information to the attacker. By default, forms that originate from the Internet can be opened, although those forms cannot access content stored in a different domain. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>