Microsoft InfoPath 2010 STIG
DTOO294 - E-mail forms from the Intranet
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
InfoPath must be enforced to not use e-mail forms from the Intranet security zone.
Medium Severity
Vulnerability Discussion: InfoPath e-mail forms can be designed by an internal attacker and sent over the local intranet, and users might fill out such forms and provide sensitive information to the attacker. By default, forms that originate from the local intranet can be opened.
Documentable: false
Responsibility: System Administrator, Information Assurance Officer