Microsoft InfoPath 2010 STIG Version Comparison

There are 24 differences between versions v1 r2 (Oct. 28, 2016) (the "left" version) and v1 r11 (April 27, 2018) (the "right" version).

Check DTOO127 - InfoPath was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

Application add-ins must be signed by Trusted Publisher.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> Security -> Trust Center “Require that application add-ins are signed by Trusted Publisher” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\infopath\security Criteria: If the value RequireAddinSig is REG_DWORD = 1, this is not a finding.

Discussion

Office 2010 applications do not check the digital signature on application add-ins before opening them. Disabling or not configuring this setting may allow an application to load a dangerous add-in. As a result, malicious code could become active on user computers or the network.

Fix

Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> Security -> Trust Center “Require that application add-ins are signed by Trusted Publisher” to “Enabled”.