Check: O365-WD-000005
Microsoft Office 365 ProPlus STIG:
O365-WD-000005
(in versions v2 r12 through v1 r1)
Title
If file validation fails, files must be opened in Protected view in Word with ability to edit disabled. (Cat II impact)
Discussion
This policy setting controls how Office handles documents when they fail file validation. If you enable this policy setting, you can configure the following options for files that fail file validation: - Block files completely. Users cannot open the files. - Open files in Protected View and disallow edit. Users cannot edit the files. This is also how Office handles the files if you disable this policy setting. - Open files in Protected View and allow edit. Users can edit the files. This is also how Office handles the files if you do not configure this policy setting. If you disable this policy setting, Office follows the "Open files in Protected View and disallow edit" behavior. If you do not configure this policy setting, Office follows the "Open files in Protected View and allow edit" behavior.
Check Content
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Word 2016 >> Word Options >> Security >> Trust Center >> Protected View >> Set document behavior if file validation fails is set to "Enabled: Open in Protected View". Verify the check box for "Allow edit" is not selected. Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\Word\security\filevalidation If the value openinprotectedview does not exist, this is not a finding. If both the value for openinprotectedview is REG_DWORD = 1 and the value for DisableEditFromPV is set to REG_DWORD = 1, this is not a finding.
Fix Text
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Word 2016 >> Word Options >> Security >> Trust Center >> Protected View >> Set document behavior if file validation fails to "Enabled: Open in Protected View". Uncheck the "Allow edit" check box.
Additional Identifiers
Rule ID: SV-223404r879628_rule
Vulnerability ID: V-223404
Group Title: SRG-APP-000207
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001662 |
The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified. |
Controls
Number | Title |
---|---|
SC-18 (1) |
Identify Unacceptable Code / Take Corrective Actions |