Check: DTOO141
Microsoft Excel 2013 STIG:
DTOO141
(in versions v1 r7 through v1 r6)
Title
The AutoRepublish warning alert must be provided. (Cat II impact)
Discussion
AutoRepublish is a feature in Excel allowing workbooks to be automatically republished to the World Wide Web each time the workbook is saved. A number of changes might need to be made to allow the workbook to be successfully published, including the following: * External references are converted to values. * Hidden formulas become visible. * The "Set precision as displayed" option, which appears beneath the "When calculating this workbook" heading in the "Advanced" section of the "Excel Options" dialog box, is no longer available. These types of changes can mean the version on the web page might not be the same as the Excel file. By default, a message dialog box appears every time the user saves a published workbook when AutoRepublish is enabled. From this dialog box, the user can disable AutoRepublish temporarily or permanently, or select "Do not show this message again" to prevent the dialog box from appearing after every save. If the user selects "Do not show this message again", Excel will continue to automatically republish the data after every save without informing the user.
Check Content
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Save "Do not show AutoRepublish warning alert" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\options Criteria: If the value DisableAutoRepublishWarning is REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Save "Do not show AutoRepublish warning alert" to "Disabled".
Additional Identifiers
Rule ID: SV-53803r1_rule
Vulnerability ID: V-17744
Group Title: DTOO141 - AutoRepublish Warning Alert
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |