Check: DTOO184
Microsoft Office System 2013 STIG:
DTOO184
(in version v2 r1)
Title
The Customer Experience Improvement Program for Office must be disabled. (Cat II impact)
Discussion
When users choose to participate in the Customer Experience Improvement Program (CEIP), Office applications automatically send information to Microsoft about how the applications are used. This information is combined with other CEIP data to help Microsoft solve problems and to improve the products and features customers use most often. This feature does not collect users' names, addresses, or any other identifying information except the IP address that is used to send the data. By default, users have the opportunity to opt into participation in the CEIP the first time they run an Office application. If an organization has policies that govern the use of external resources such as the CEIP, allowing users to opt in to the program might cause them to violate these policies.
Check Content
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center "Enable Customer Experience Improvement Program" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common Criteria: If the value 'QMEnable' is REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Privacy -> Trust Center "Enable Customer Experience Improvement Program" to "Disabled".
Additional Identifiers
Rule ID: SV-228529r508020_rule
Vulnerability ID: V-228529
Group Title: SRG-APP-000141
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |