Title

Changing permissions on rights managed content for users must be enforced. (Cat II impact)

Discussion

This setting controls whether Office 2013 users can change permissions for content that is protected with Information Rights Management (IRM). The Information Rights Management feature of Office 2013 allows individuals and administrators to specify access permissions to Word documents, Excel workbooks, PowerPoint presentations, InfoPath templates and forms, and Outlook email messages. This functionality helps prevent sensitive information from being printed, forwarded, or copied by unauthorized people.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Manage Restricted Permissions "Prevent users from changing permissions on rights managed content" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\drm Criteria: If the value “DisableCreation” is REG_DWORD = 0 for every users profile hive, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Manage Restricted Permissions "Prevent users from changing permissions on rights managed content" to "Disabled".

Additional Identifiers

Rule ID: SV-52748r3_rule

Vulnerability ID: V-17765

Group Title: DTOO199 - Permissions on managed content

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.