Microsoft Access 2013 STIG Version Comparison

There are 1 differences between versions v1 r4 (Jan. 27, 2017) (the "left" version) and v1 r6 (April 27, 2018) (the "right" version).

Check DTOO600 was removed from the benchmark in the "right" version. The text below reflects the old wording.

This check's original form is available here.

Title

Macros must be blocked from running in Office 2013 files from the Internet.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Access 2013 >> Access Options >> Security >> Trust Center "Block macros from running in Office files from the Internet" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\access\security Criteria: If the value blockcontentexecutionfrominternet is REG_DWORD = 1, this is not a finding.

Discussion

This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if "Enable all macros" is selected in the Macro Settings section of the Trust Center. Also, instead of having the choice to "Enable Content", users will receive a notification that macros are blocked from running. If the Office file is saved to a trusted location or was previously trusted by the user, macros will be allowed to run. If you disable or don't configure this policy setting, the settings configured in the Macro Settings section of the Trust Center determine whether macros run in Office files that come from the Internet.

Fix

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Access 2013 >> Access Options >> Security >> Trust Center "Block macros from running in Office files from the Internet" to "Enabled".