Details

Office Telemetry is a new compatibility monitoring framework. When an Office document or solution is loaded, used, closed, or raises an error in certain Office 2013 applications, the Office Telemetry application adds a record about the event to a local data store. Each record includes a description of the problem and a link to more information. Inventory and usage data is also tracked. The actual logging capability will be enabled, but this policy allows that data to be uploaded to a remote location which, if enabled, could pass information about the internal network and configuration to that remote site.

Solution

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Telemetry Dashboard >> ‘Turn on data uploading for Office Telemetry Agent’ to ‘Disabled’.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_OfficeSystem_2013_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-7a.
• CAT|II
• CCI|CCI-000381
• Rule-ID|SV-228541r508020_rule
• STIG-ID|DTOO415
• STIG-Legacy|SV-53217
• STIG-Legacy|V-40885
• Vuln-ID|V-228541

Source

• Tenable.com/audits