DTOO127 – Add-ins to Office applications must be signed by a Trusted Publisher.
Details Office 2013 applications do not check the digital signature on application add-ins before opening them. Disabling or not configuring...
- Home
- Security Hardening
- DISA STIG Microsoft InfoPath 2013 V1R5
DISA STIG Microsoft InfoPath 2013 V1R5
DTOO131 – Trust Bar Notifications for unsigned application add-ins must be blocked.
Details If an application is configured to require all add-ins to be signed by a trusted publisher, any unsigned add-ins...DTOO133 – All automatic loading from Trusted Locations must be disabled.
Details Trusted locations specified in the Trust Center are used to define file locations assumed to be safe. Content, code,...DTOO156 – Offline Mode capability to cache queries for offline mode must be configured.
Details InfoPath can function in online mode or offline mode. It can also cache queries for use in offline mode....DTOO157 – Redirection behavior for upgraded web sites by SharePoint must be blocked.
Details InfoPath automatically redirects user requests for sites that have not been upgraded to the temporary URL if it is...DTOO158 – Disabling the opening of solutions from the Internet Security Zone must be configured.
Details Attackers could use InfoPath solutions published to Internet Web sites to try to obtain sensitive information from users. By...DTOO159 – Disabling of Fully Trusted Solutions access to computers must be configured.
Details InfoPath users can choose whether to allow trusted forms to run on their computers. The Full Trust security level...DTOO160 – Unsafe file types must be prevented from being attached to InfoPath forms.
Details Users can attach any type of file to forms except potentially unsafe files that might contain viruses, such as...DTOO164 – Beaconing UI shown for opened forms must be configured.
Details Malicious users can create InfoPath forms with embedded Web beacons that can be used to contact an external server...DTOO172 – Disabling email forms from the Internet Security Zone must be configured.
Details InfoPath email forms can be designed by an external attacker and sent over the Internet as part of a...