Details
The blogging feature in Office products enables users to compose blog entries and post them to their blogs directly from Office, without using any additional software.
By default, users can post blog entries to any compatible blogging service provider, including Windows Live Spaces, Blogger, a SharePoint or Community Server site, and others. Leaving this capability enabled introduces the risk of users posting confidential and FOUO date to non-DoD sites.
Solution
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Miscellaneous ‘Control Blogging’ to ‘Enabled (Only SharePoint blogs allowed)’.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.
References
- 800-53|CM-6b.
- CAT|II
- CCI|CCI-000366
- Rule-ID|SV-228523r508020_rule
- STIG-ID|DTOO212
- STIG-Legacy|SV-52756
- STIG-Legacy|V-17581
- Vuln-ID|V-228523