Check: DTOO292
Microsoft PowerPoint 2016 STIG:
DTOO292
(in version v1 r1)
Title
Document behavior if file validation fails must be set. (Cat II impact)
Discussion
This policy setting controls how Office handles documents when they fail file validation. If you enable this policy setting, you can configure the following options for files that fail file validation:- Block files completely. Users cannot open the files.- Open files in Protected View and disallow edit. Users cannot edit the files. This is also how Office handles the files if you disable this policy setting.- Open files in Protected View and allow edit. Users can edit the files. This is also how Office handles the files if you do not configure this policy setting.If you disable this policy setting, Office follows the "Open files in Protected View and disallow edit" behavior. If you do not configure this policy setting, Office follows the "Open files in Protected View and allow edit" behavior.
Check Content
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2016 -> PowerPoint Options -> Security -> Trust Center -> Protected View "Set document behavior if file validation fails" is set to "Disabled". The option 'Enabled: Open in Protected View' and Unchecked for 'Do not allow edit' is also an acceptable value. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\PowerPoint\security\filevalidation Criteria: If the value openinprotectedview does not exist, this is not a finding. If the value is REG_DWORD = 1, this is not a finding. If the value DisableEditFromPV is set to REG_DWORD = 1, this is not a finding. If the value is set to REG_DWORD = 0, this is a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2016 -> PowerPoint Options -> Security -> Trust Center -> Protected View "Set document behavior if file validation fails" to "Disabled".
Additional Identifiers
Rule ID: SV-86031r1_rule
Vulnerability ID: V-71407
Group Title: SRG-APP-000210
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001170 |
The information system prevents the automatic execution of mobile code in organization-defined software applications. |
Controls
Number | Title |
---|---|
SC-18 (4) |
Prevent Automatic Execution |