Title

The Office Feedback tool must be disabled. (Cat II impact)

Discussion

The "Office Feedback" tool, also called "Send-a-Smile", allows a user to click on an icon and send feedback to Microsoft. Applications used by DoD users should not be able to provide feedback to commercial vendors regarding their positive and negative experiences when using Office due to the potential of unintentionally revealing FOUO or other protected content.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center >> "Send Office Feedback" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\feedback If the value 'enabled' is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center >> "Send Office Feedback" to "Disabled".

Additional Identifiers

Rule ID: SV-228539r508020_rule

Vulnerability ID: V-228539

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.