An error occurred:

Check: DTOO120

Microsoft Excel 2013 STIG: DTOO120 (in versions v1 r7 through v1 r6)

Title

Open/Save actions for web pages and Excel 2003 XML spreadsheets must be blocked. (Cat III impact)

Discussion

This policy setting allows for determining whether users can open, view, edit, or save Excel files with the format specified by the title

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Web pages and Excel 2003 XML spreadsheets" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value HtmlandXmlssFiles is REG_DWORD = 2, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Web pages and Excel 2003 XML spreadsheets" to "Enabled: Open/Save blocked, use open policy".

Additional Identifiers

Rule ID: SV-53638r2_rule

Vulnerability ID: V-26613

Group Title: DTOO120 -Web pages and Excel 2003 XML spreadsheets

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001662

The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-18 (1)

Identify Unacceptable Code / Take Corrective Actions