DTOO207 – Document Information panel Beaconing must show UI.

Details

This policy setting controls whether users see a security warning when they open custom Document Information Panels that contain a web beaconing threat. Web beacons can be used to contact an external server when users open forms. Information could be gathered by the form, or information entered by users could be sent to an external server, exposing the internal users and systems to additional attacks.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Document Information Panel ‘Document Information Panel Beaconing UI’ to ‘Enabled (Always show UI)’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_OfficeSystem_2013_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

800-53|SC-18(4)
CAT|II
CCI|CCI-002460
Rule-ID|SV-228559r508020_rule
STIG-ID|DTOO207
STIG-Legacy|SV-52754
STIG-Legacy|V-17605
Vuln-ID|V-228559

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles