Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft Office System 2013 Security Technical Implementation Guide
SRG-APP-000328
Office must be configured to not allow read with browsers.
Office must be configured to not allow read with browsers.
An XCCDF Rule
Details
Profiles
Prose
Office must be configured to not allow read with browsers.
Medium Severity
<VulnDiscussion>The Windows Rights Management Add-on for Internet Explorer provides a way for users who do not use the 2013 Office release to view, but not alter, files with restricted permissions. By default, IRM-enabled files are saved in a format that cannot be viewed by using the Windows Rights Management Add-on. If this setting is enabled, an embedded rights-managed HTML version of the content is saved with each IRM-enabled file, which can be viewed in Internet Explorer using the add-on, representing the risk of documents being read by those without the rights and not intended to have access to the document.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>