Check: DTOO133 - InfoPath
Microsoft InfoPath 2010 STIG:
DTOO133 - InfoPath
(in versions v1 r11 through v1 r10)
Title
All automatic loading from Trusted Locations must be disabled. (Cat II impact)
Discussion
Trusted locations specified in the Trust Center are used to define file locations assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permission. If a dangerous file is opened from a trusted location, it will not be subject to standard security measures and could harm users' computers or data. By default, files located in trusted locations (those specified in the Trust Center) are assumed to be safe.
Check Content
The policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> Security -> Trust Center “Disable all trusted locations” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\infopath\security\trusted locations Criteria: If the value AllLocationsDisabled is REG_DWORD = 1, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> Security -> Trust Center “Disable all trusted locations” to “Enabled”.
Additional Identifiers
Rule ID: SV-33860r2_rule
Vulnerability ID: V-17471
Group Title: DTOO133-Disable all trusted locations
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001170 |
The information system prevents the automatic execution of mobile code in organization-defined software applications. |
Controls
Number | Title |
---|---|
SC-18 (4) |
Prevent Automatic Execution |