An error occurred:

Check: DTOO127

Microsoft Word 2013 STIG: DTOO127 (in versions v1 r6 through v1 r5)

Title

Add-ins to Office applications must be signed by a Trusted Publisher. (Cat II impact)

Discussion

Office 2013 applications do not check the digital signature on application add-ins before opening them. Disabling or not configuring this setting may allow an application to load a dangerous add-in. As a result, malicious code could become active on user computers or the network.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2013 -> Word Options -> Security -> Trust Center "Require that application add-ins are signed by Trusted Publisher" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\word\security Criteria: If the value RequireAddinSig is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2013 -> Word Options -> Security -> Trust Center "Require that application add-ins are signed by Trusted Publisher" to "Enabled".

Additional Identifiers

Rule ID: SV-53564r1_rule

Vulnerability ID: V-26589

Group Title: DTOO127 - Add-ins are signed by Trusted Publisher

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001749

The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-5 (3)

Signed Components