DTOO188 – Document metadata for password protected files must be protected.

Details

When an Office Open XML document is protected with a password and saved, any metadata associated with the document is encrypted along with the rest of the document’s contents. If this configuration is changed, potentially sensitive information such as the document author and hyperlink references could be exposed to unauthorized people.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings ‘Protect document metadata for password protected files’ to ‘Enabled’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_OfficeSystem_2013_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

800-53|SC-28
CAT|II
CCI|CCI-001199
Rule-ID|SV-228547r508020_rule
STIG-ID|DTOO188
STIG-Legacy|SV-52725
STIG-Legacy|V-17768
Vuln-ID|V-228547

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles