Skip to content
Log In

I - Mission Critical Public

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000179

    Group
    Show

  • Macros must be blocked from running in Access files from the Internet.

    This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if “Enable all mac...
    Rule Medium Severity
    Show

  • SRG-APP-000131

    Group
    Show

  • Trust Bar Notifications for unsigned application add-ins in Access must be disabled and blocked.

    This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy ...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • VBA Macros not digitally signed must be blocked in Access.

    This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present. If this policy setting is enabled, choose from four options for ...
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • The Macro Runtime Scan Scope must be enabled for all documents.

    This policy setting specifies for which documents the VBA Runtime Scan feature is enabled. If the feature is disabled for all documents, no runtime scanning of enabled macros will be performed. I...
    Rule Medium Severity
    Show

  • SRG-APP-000429

    Group
    Show

  • Document metadata for rights managed Office Open XML files must be protected.

    This policy setting determines whether metadata is encrypted in Office Open XML files that are protected by Information Rights Management (IRM). If you enable this policy setting, Excel, PowerPoint...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • The Office client must be prevented from polling the SharePoint Server for published links.

    This policy setting controls whether Office 365 ProPlus applications can poll Office servers to retrieve lists of published links. If this policy setting is enabled, Office 365 ProPlus applicatio...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • Custom user interface (UI) code must be blocked from loading in all Office applications.

    This policy setting controls whether Office 365 ProPlus applications load any custom user interface (UI) code included with a document or template. Office 365 ProPlus allows developers to extend th...
    Rule Medium Severity
    Show

  • SRG-APP-000488

    Group
    Show

  • ActiveX Controls must be initialized in Safe Mode.

    This policy setting specifies the Microsoft ActiveX initialization security level for all Microsoft Office applications. ActiveX controls can adversely affect a computer directly. In addition, mali...
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • Macros in all Office applications that are opened programmatically by another application must be opened based upon macro security level.

    This policy setting controls whether macros can run in an Office 365 ProPlus application that is opened programmatically by another application. If this policy setting is enabled, the user can choo...
    Rule Medium Severity
    Show

  • SRG-APP-000131

    Group
    Show

  • Trust Bar notifications must be configured to display information in the Message Bar about the content that has been automatically blocked.

    This policy setting controls whether Office 365 ProPlus applications notify users when potentially unsafe features or content are detected, or whether such features or content are silently disabled...
    Rule Medium Severity
    Show

  • SRG-APP-000231

    Group
    Show

  • Office applications must be configured to specify encryption type in password-protected Office 97-2003 files.

    This policy setting enables you to specify an encryption type for password-protected Office 97-2003 files. If you enable this policy setting, you can specify the type of encryption that Office app...
    Rule Medium Severity
    Show

  • SRG-APP-000231

    Group
    Show

  • Office applications must be configured to specify encryption type in password-protected Office Open XML files.

    This policy setting allows you to specify an encryption type for Office Open XML files. If you enable this policy setting, you can specify the type of encryption that Office applications use to en...
    Rule Medium Severity
    Show

  • SRG-APP-000340

    Group
    Show

  • Users must be prevented from creating new trusted locations in the Trust Center.

    This policy setting controls whether trusted locations can be defined by users, the Office Customization Tool (OCT), and Group Policy, or if they must be defined by Group Policy alone. If you enab...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • Office applications must not load XML expansion packs with Smart Documents.

    This policy setting controls whether Office 365 ProPlus applications can load an XML expansion pack manifest file with a Smart Document.
    Rule Medium Severity
    Show

  • SRG-APP-000207

    Group
    Show

  • The load of controls in Forms3 must be blocked.

    This policy setting allows the user to control how ActiveX controls in UserForms should be initialized based upon whether they are Safe for Initialization (SFI) or Unsafe for Initialization (UFI). ...
    Rule Medium Severity
    Show

  • SRG-APP-000207

    Group
    Show

  • Add-on Management must be enabled for all Office 365 ProPlus programs.

    Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring ...
    Rule Medium Severity
    Show

  • SRG-APP-000179

    Group
    Show

  • Consistent MIME handling must be enabled for all Office 365 ProPlus programs.

    Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied on to provide confidentiality or integrity, and DoD...
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • User name and password must be disabled in all Office programs.

    The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com. A malicious user might use this URL syntax to ...
    Rule Medium Severity
    Show

  • SRG-APP-000207

    Group
    Show

  • The Information Bar must be enabled in all Office programs.

    This policy setting controls whether Office 365 ProPlus applications notify users when potentially unsafe features or content are detected, or whether such features or content are silently disabled...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • The Local Machine Zone Lockdown Security must be enabled in all Office programs.

    Internet Explorer places restrictions on each web page users can use the browser to open. Web pages on a user's local computer have the fewest security restrictions and reside in the Local Machine ...
    Rule Medium Severity
    Show

  • SRG-APP-000179

    Group
    Show

  • The MIME Sniffing safety feature must be enabled in all Office programs.

    Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and D...
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • Navigate URL must be enabled in all Office programs.

    To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by Offic...
    Rule Medium Severity
    Show

  • SRG-APP-000179

    Group
    Show

  • Object Caching Protection must be enabled in all Office programs.

    Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and D...
    Rule Medium Severity
    Show

  • SRG-APP-000112

    Group
    Show

  • Protection from zone elevation must be enabled in all Office programs.

    Internet Explorer places restrictions on each web page users can use the browser to open. Web pages on a user's local computer have the fewest security restrictions and reside in the Local Machine ...
    Rule Medium Severity
    Show

  • SRG-APP-000488

    Group
    Show

  • ActiveX installation restriction must be enabled in all Office programs.

    Microsoft ActiveX controls allow unmanaged, unprotected code to run on the user computers. ActiveX controls do not run within a protected container in the browser like the other types of HTML or Mi...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules