Skip to content

I - Mission Critical Sensitive

Rules and Groups employed by this XCCDF Profile

  • DTOO193 - Automation Security

    <GroupDescription></GroupDescription>
    Group
  • Automation Security to enforce macro level security in Office documents must be configured.

    &lt;VulnDiscussion&gt;When a separate program is used to launch Microsoft Office Excel, PowerPoint, or Word programmatically, any macros can run in...
    Rule Medium Severity
  • DTOO203 - Legacy Format signatures

    <GroupDescription></GroupDescription>
    Group
  • Legacy format signatures must be enabled.

    &lt;VulnDiscussion&gt;Office applications use the XML–based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 bina...
    Rule Medium Severity
  • DTOO192 - Load controls for forms3

    <GroupDescription></GroupDescription>
    Group
  • Load controls in forms3 must be disabled from loading.

    &lt;VulnDiscussion&gt;ActiveX controls are Component Object Model (COM) objects and have unrestricted access to users' computers. ActiveX controls ...
    Rule Medium Severity
  • DTOO179 - Open as Read/Write when browsing

    <GroupDescription></GroupDescription>
    Group
  • Documents must be configured to not open as Read Write when browsing.

    &lt;VulnDiscussion&gt;Office document on a Web server using Internet Explorer, the appropriate application opens the file in read-only mode. Howeve...
    Rule Medium Severity
  • DTOO199 - Permissions on managed content

    <GroupDescription></GroupDescription>
    Group
  • Changing permissions on rights managed content for users must be enforced.

    &lt;VulnDiscussion&gt;This setting controls whether Office 2010 users can change permissions for content that is protected with Information Rights ...
    Rule Medium Severity
  • DTOO178 - Uploads to Office Online

    <GroupDescription></GroupDescription>
    Group
  • Upload of document templates to Office Online must be prevented.

    &lt;VulnDiscussion&gt;Office users can share Excel, PowerPoint, and Word templates they create with other Microsoft Office users around the world b...
    Rule Medium Severity
  • DTOO188 - Protect document metadata

    <GroupDescription></GroupDescription>
    Group
  • Document metadata for password protected files must be protected.

    &lt;VulnDiscussion&gt;When an Office Open XML document is protected with a password and saved, any metadata associated with the document is encrypt...
    Rule Medium Severity
  • DTOO187 - Protect metadata / rights managed docs

    <GroupDescription></GroupDescription>
    Group
  • Rights managed Office Open XML files must be protected.

    &lt;VulnDiscussion&gt;When Information Rights Management (IRM) is used to restrict access to an Office Open XML document, any metadata associated w...
    Rule Medium Severity
  • DTOO180 - Vector Markup Lang (VML) / IE graphics

    <GroupDescription></GroupDescription>
    Group
  • Vector markup Language (VML) for displaying graphics in browsers must be disallowed.

    &lt;VulnDiscussion&gt;When saving documents as Web pages, Excel, PowerPoint, and Word can save vector–based graphics in Vector Markup Language (VML...
    Rule Medium Severity
  • DTOO204 - External Signature Services menu

    <GroupDescription></GroupDescription>
    Group
  • External Signature Services Menu for Office must be suppressed.

    &lt;VulnDiscussion&gt;Users can select Add Signature Services (from the Signature Line drop-down menu on the Insert tab of the Ribbon in Excel 2010...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules