Title

Changing permissions on rights managed content for users must be enforced. (Cat II impact)

Discussion

This setting controls whether Office 2010 users can change permissions for content that is protected with Information Rights Management (IRM). The Information Rights Management feature of Office 2010 allows individuals and administrators to specify access permissions to Word documents, Excel workbooks, PowerPoint presentations, InfoPath templates and forms, and Outlook e-mail messages. This functionality helps prevent sensitive information from being printed, forwarded, or copied by unauthorized people.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Manage Restricted Permissions “Prevent users from changing permissions on rights managed content” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\common\drm Criteria: If the value DisableCreation is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Manage Restricted Permissions “Prevent users from changing permissions on rights managed content” to “Disabled”.

Additional Identifiers

Rule ID: SV-33462r1_rule

Vulnerability ID: V-17765

Group Title: DTOO199 - Permissions on managed content

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.