DTOO321 – Encrypt document properties must be configured for OLE documents.

Details

This policy setting allows a document’s properties to be encrypted. This applies to OLE documents (Office 97-2003 compatible) if the application is configured for CAPI RC4. Disabling this setting will prevent the encryption of document properties, which may expose sensitive data.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings ‘Encrypt document properties’ to ‘Enabled’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_OfficeSystem_2013_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

800-53|SC-28(1)
CAT|II
CCI|CCI-002476
Rule-ID|SV-228561r508020_rule
STIG-ID|DTOO321
STIG-Legacy|SV-52757
STIG-Legacy|V-26704
Vuln-ID|V-228561

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles