Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft InfoPath 2010 STIG
DTOO171 - EMail forms in Restricted Security
Disabling email forms running in Restricted Security Level must be configured.
Disabling email forms running in Restricted Security Level must be configured.
An XCCDF Rule
Details
Profiles
Prose
Disabling email forms running in Restricted Security Level must be configured.
Medium Severity
<VulnDiscussion>InfoPath forms running with the restricted security level, can only access data stored on the forms. However, a malicious user could still send an e-mail form running with the restricted security level, in an attempt to access sensitive information provided by users. By default InfoPath e-mail forms running with the restricted security level can be opened. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>