Title

Blogging entries created from inside Office products must be configured for SharePoint only. (Cat II impact)

Discussion

The blogging feature in Office products enables users to compose blog entries and post them to their blogs directly from Office, without using any additional software. By default, users can post blog entries to any compatible blogging service provider, including Windows Live Spaces, Blogger, a SharePoint or Community Server site, and others. Leaving this capability enabled introduces the risk of users posting confidential and FOUO date to non-DoD sites.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Miscellaneous "Control Blogging" is set to "Enabled (Only SharePoint blogs allowed)". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\Common\Blog If the value 'DisableBlog' is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Miscellaneous "Control Blogging" to "Enabled (Only SharePoint blogs allowed)".

Additional Identifiers

Rule ID: SV-228523r508020_rule

Vulnerability ID: V-228523

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.