Details
The Windows Rights Management Add-on for Internet Explorer provides a way for users who do not use the 2013 Office release to view, but not alter, files with restricted permissions. By default, IRM-enabled files are saved in a format that cannot be viewed by using the Windows Rights Management Add-on. If this setting is enabled, an embedded rights-managed HTML version of the content is saved with each IRM-enabled file, which can be viewed in Internet Explorer using the add-on, representing the risk of documents being read by those without the rights and not intended to have access to the document.
Solution
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Manage Restricted Permissions ‘Allow users with earlier versions of Office to read with browsers’ to ‘Disabled’.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.
References
- 800-53|AC-3(4)
- CAT|II
- CCI|CCI-002165
- Rule-ID|SV-228555r508020_rule
- STIG-ID|DTOO200
- STIG-Legacy|SV-52749
- STIG-Legacy|V-17583
- Vuln-ID|V-228555