II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
DTOO119 - Turn off file validation
Group -
Configuration for file validation must be enforced.
Office File Validation helps detect and prevent a kind of exploit known as a file format attack or file fuzzing attack. File format attacks exploit the integrity of a file. They occur when someone ...Rule Medium Severity -
DTOO122 - dBase III / IV files
Group -
Open/Save actions for dBase III / IV files must be blocked.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO112 - Dif and Sylk files
Group -
Open/Save actions for Dif and Sylk files must be blocked.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO113 - Macrosheets and add-in files
Group -
Open/Save actions for Excel 2 macrosheets and add-in files must be blocked.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO114 - Excel 2 worksheets
Group -
Open/Save actions for Excel 2 worksheets must be blocked.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO115 - Excel 3 macrosheets and add-in files
Group -
Open/Save actions for Excel 3 macrosheets and add-in files must be blocked.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO116 - Excel 3 worksheets
Group -
Open/Save actions for Excel 3 worksheets must be blocked.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO105 - Excel 4 macrosheets and add-in files
Group -
Open/Save actions for Excel 4 macrosheets and add-in files must be blocked.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO106 - Excel 4 workbooks
Group -
Open/Save actions for Excel 4 workbooks must be blocked.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO107 - Excel 4 worksheets
Group -
Open/Save actions for Excel 4 worksheets must be blocked.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO108 - Excel 95 workbooks
Group -
Actions for Excel 95 workbooks must be configured to edit in Protected View.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO109 - Excel 95-97 workbooks and templates
Group -
Actions for Excel 95-97 workbooks and templates must be configured to edit in Protected View.
This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks...Rule Medium Severity -
DTOO110 - Set default file block behavior
Group -
Blocking as default file block opening behavior must be enforced.
Users can open, view, or edit a large number of file types in Office 2013. Some file types are safer than others, as some could allow malicious code to become active on user computers or the netwo...Rule Medium Severity -
DTOO120 -Web pages and Excel 2003 XML spreadsheets
Group -
Open/Save actions for web pages and Excel 2003 XML spreadsheets must be blocked.
This policy setting allows for determining whether users can open, view, edit, or save Excel files with the format specified by the titleRule Low Severity -
DTOO121 - Files from the Internet zone
Group -
Files from the Internet zone must be opened in Protected View.
This policy setting allows for determining if files downloaded from the Internet zone open in Protected View. If enabling this policy setting, files downloaded from the Internet zone do not open in...Rule Medium Severity -
DTOO288 - Files in unsafe locations
Group -
Files in unsafe locations must be opened in Protected View.
This policy setting determines whether files located in unsafe locations will open in Protected View. If unsafe locations have not been specified, only the "Downloaded Program Files" and "Temporary...Rule Medium Severity -
DTOO292 - Set document behavior
Group -
Document behavior if file validation fails must be set.
This policy key controls how Office documents should be handled when failing file validation. By requiring such documents to be opened in Protected View, any potentially malicious code would be dis...Rule Medium Severity -
DTOO293 - Turn off Protected View for attachments
Group -
Excel attachments opened from Outlook must be in Protected View.
This policy setting allows for determining whether Excel files in Outlook attachments open in Protected View. If enabling this policy setting, Outlook attachments do not open in Protected View. If ...Rule Medium Severity -
DTOO418 - Disable WEBSERVICE functions
Group -
WEBSERVICE functions must be disabled.
The WEBSERVICE function option, when used in an Excel spreadsheet, returns data from a web service on the Internet or Intranet. If allowed to be used, security is significantly reduced by allowing ...Rule Medium Severity -
DTOO419 - Disallow corrupt workbook options
Group -
Corrupt workbook options must be disallowed.
This setting controls whether Excel presents users with a list of data extraction options before beginning an Open and Repair operation when users choose to open a corrupt workbook in repair or ext...Rule Medium Severity -
DTOO600 - Macros must be blocked from running in Office 2013 files from the Internet.
Group -
Macros must be blocked from running in Office 2013 files from the Internet.
This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if "Enable all macr...Rule Medium Severity -
DTOO104 - Disable user name and password
Group -
Disabling of user name and password syntax from being used in URLs must be enforced.
The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com. A malicious user might use this URL syntax to ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.