Title

Office Presentation Service must be removed as an option for presenting PowerPoint and Word online. (Cat II impact)

Discussion

The Office Presentation Service is a free, public service that allows others to follow along in a web browser. Allowing this feature could result in presentations with DoD FOUO, PII and other protected data to be viewed in a nonsecure location. By disabling this policy, the user will not have the ability to deliver a presentation online.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Present Online >> "Remove Office Presentation Service from the list of online presentation services in PowerPoint and Word" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\broadcast If the value 'disabledefaultservice' is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Present Online -> "Remove Office Presentation Service from the list of online presentation services in PowerPoint and Word" to "Enabled".

Additional Identifiers

Rule ID: SV-228538r508020_rule

Vulnerability ID: V-228538

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.