II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
DTOO196 - Mix of Policy and User Locations
Group -
A mix of policy and user locations for Office Products must be disallowed.
When Microsoft Office files are opened from trusted locations, all the content in the files is enabled and active. Users are not notified about any potential risks that might be contained in the fi...Rule Medium Severity -
DTOO212 - Control Blogging
Group -
Blogging entries created from inside Office products must be configured for Sharepoint only.
The blogging feature in Office products enables users to compose blog entries and post them to their blogs directly from Office, without using any additional software. By default, users can post bl...Rule Medium Severity -
DTOO200 - Allow users to read with browsers
Group -
Office must be configured to not allow read with browsers.
The Windows Rights Management Add-on for Internet Explorer provides a way for users who do not use the 2010 Office release to view, but not alter, files with restricted permissions. By default, IRM...Rule Medium Severity -
DTOO177-Disable Updates from Office Online Site
Group -
Access to updates, add-ins, and patches on Office.com must be disabled.
Having access to updates, add-ins, and patches on the Office Online Web site can help users ensure computers are up to date and equipped with the latest security patches. However, to ensure updates...Rule Medium Severity -
DTOO186 - Trust Bar Notifications
Group -
Trust Bar notifications for Security messages must be enforced.
The Message Bar in Office applications is used to identify security issues, such as unsigned macros or potentially unsafe add-ins. When such issues are detected, the application disables the unsafe...Rule Medium Severity -
DTOO207 - Document Info Beaconing UI
Group -
Document Information panel Beaconing must show UI.
For controlling whether users see a security warning when they open custom Document Information Panels that contain a Web beaconing threat. Web beacons can be used to contact an external server wh...Rule Medium Severity -
DTOO184 - Cust. Experience Improvement Program
Group -
The Customer Experience Improvement Program for Office must be disabled.
When users choose to participate in the Customer Experience Improvement Program (CEIP), Office applications automatically send information to Microsoft about how the applications are used. This inf...Rule Medium Severity -
DTOO190 - Encr. type for Password Protected files
Group -
The encryption type for password protected Office 97 thru Office 2003 must be set.
If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Microsoft Office application files can be encrypted and password...Rule Medium Severity -
DTOO189 - Encryption Type for Pwd Protected files
Group -
The encryption type for password protected Open XML files must be set.
If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Office application files can be encrypted and password protected...Rule Medium Severity -
DTOO182 - Improve Proofing Tools
Group -
The Help Improve Proofing Tools feature for Office must be configured.
The Help Improve Proofing Tools feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature sto...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.