An error occurred:

Check: DTOO186

Microsoft Office System 2016 STIG: DTOO186 (in versions v2 r3 through v1 r1)

Title

Trust Bar notifications for Security messages must be enforced. (Cat II impact)

Discussion

This policy setting controls whether Office 2016 applications notify users when potentially unsafe features or content are detected, or whether such features or content are silently disabled without notification. The Message Bar in Office 2016 applications is used to identify security issues, such as unsigned macros or potentially unsafe add-ins. When such issues are detected, the application disables the unsafe feature or content and displays the Message Bar at the top of the active window. The Message Bar informs the users about the nature of the security issue and, in some cases, provides the users with an option to enable the potentially unsafe feature or content, which could harm the user's computer. If you enable this policy setting, Office 2016 applications do not display information in the Message Bar about potentially unsafe content that has been detected or has automatically been blocked. If you disable this policy setting, Office 2016 applications display information in the Message Bar about content that has automatically been blocked. If you do not configure this policy setting, if an Office 2016 application detects a security issue, the Message Bar is displayed. However, this configuration can be modified by users in the Trust Center.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2016 -> Security Settings "Disable all Trust Bar notifications for security issues" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\common\trustcenter Criteria: If the value TrustBar is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2016 -> Security Settings "Disable all Trust Bar notifications for security issues" to "Disabled".

Additional Identifiers

Rule ID: SV-238025r879628_rule

Vulnerability ID: V-238025

Group Title: SRG-APP-000207

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001662

Take organization-defined corrective action when organization-defined unacceptable mobile code is identified.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-18(1)

Identify Unacceptable Code / Take Corrective Actions