Check: DTOO182
Microsoft Office System 2013 STIG:
DTOO182
(in version v2 r1)
Title
The Help Improve Proofing Tools feature for Office must be configured. (Cat II impact)
Discussion
The "Help Improve Proofing Tools" feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature stops sending data to Microsoft and deletes the data collection file from the user's computer. Although this feature does not intentionally collect personal information, some of the content sent could include items that were marked as spelling or grammar errors, such as proper names and account numbers. However, any numbers such as account numbers, street addresses, and phone numbers are converted to zeroes when the data is collected. Microsoft uses this information solely to improve the effectiveness of the Office Proofing Tools, not to identify users. By default, this feature is enabled, if users choose to participate in the Customer Experience Improvement Program (CEIP). If an organization has policies that govern the use of external resources such as the CEIP, allowing the use of the "Help Improve Proofing Tools" feature might cause them to violate these policies.
Check Content
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Tools >> Options >> Spelling >> Proofing Data Collection "Improve Proofing Tools" is set to "Disabled". Use the Windows Registry Editor to navigate to the following. HKCU\Software\Policies\Microsoft\Office\15.0\common\ptwatson If the value 'PTWOptIn' is REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Tools \ Options \ Spelling -> Proofing Data Collection "Improve Proofing Tools" to "Disabled".
Additional Identifiers
Rule ID: SV-228517r508020_rule
Vulnerability ID: V-228517
Group Title: SRG-APP-000516
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |