Check: DTOO408
Microsoft Office System 2013 STIG:
DTOO408
(in version v1 r9)
Title
Office Presentation Service must be removed as an option for presenting PowerPoint and Word online. (Cat II impact)
Discussion
The Office Presentation Service is a free, public service that allows others to follow along in a web browser. Allowing this feature could result in presentations with DoD FOUO, PII and other protected data to be viewed in a nonsecure location. By disabling this policy, the user will not have the ability to deliver a presentation online.
Check Content
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Present Online >> "Remove Office Presentation Service from the list of online presentation services in PowerPoint and Word" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\broadcast If the value “disabledefaultservice” is REG_DWORD = 1, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Present Online -> "Remove Office Presentation Service from the list of online presentation services in PowerPoint and Word" to "Enabled".
Additional Identifiers
Rule ID: SV-53207r4_rule
Vulnerability ID: V-40875
Group Title: DTOO408 - Office Presentation Service must be removed
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
Configure the system to provide only organization-defined mission essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |