Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • InfoPath must be enforced to not use email forms from the Intranet security zone.

    <VulnDiscussion>InfoPath email forms can be designed by an internal attacker and sent over the local intranet, and users might fill out such ...
    Rule Medium Severity
  • DTOO295 - InfoPath e-mail forms in Outlook

    <GroupDescription></GroupDescription>
    Group
  • InfoPath email forms in Outlook must be disallowed.

    &lt;VulnDiscussion&gt;Attackers can send users InfoPath email forms in an attempt to gain access to confidential information. Depending on the leve...
    Rule Medium Severity
  • DTOO296 - Managed code from the Internet

    <GroupDescription></GroupDescription>
    Group
  • Disabling opening forms with managed code from the Internet security zone must be configured.

    &lt;VulnDiscussion&gt;When InfoPath solutions are opened locally, the location of the form is checked so that updates to the form can be downloaded...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules