DTOO412 – The ability to run unsecure Office apps must be disabled.

Details

Unsecure apps for Office, which are apps that have web page or catalog locations that are not SSL-secured (https://), and/or are not in users’ Internet zones may allow data to be transmitted/accessed via clear text to outside sources. By configuring this policy to be disabled, users will be prevented from transmitting/accessing data in a nonsecure manner.

Solution

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings >> Trust Center >> Trusted Catalogs ‘Allow Unsecure Apps and Catalogs’ to ‘Disabled’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_OfficeSystem_2013_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
Rule-ID|SV-228526r508020_rule
STIG-ID|DTOO412
STIG-Legacy|SV-53214
STIG-Legacy|V-40882
Vuln-ID|V-228526

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles