Check: O365-WD-000002
Microsoft Office 365 ProPlus STIG:
O365-WD-000002
(in versions v2 r12 through v1 r2)
Title
In Word, encrypted macros must be scanned. (Cat II impact)
Discussion
This policy setting controls whether encrypted macros in Open XML documents be are required to be scanned with anti-virus software before being opened. If you enable this policy setting, you may choose one of these options: - Scan encrypted macros: encrypted macros are disabled unless anti-virus software is installed. Encrypted macros are scanned by your anti-virus software when you attempt to open an encrypted workbook that contains macros. - Scan if anti-virus software available: if anti-virus software is installed, scan the encrypted macros first before allowing them to load. If anti-virus software is not available, allow encrypted macros to load. - Load macros without scanning: do not check for anti-virus software and allow macros to be loaded in an encrypted file. If you disable or do not configure this policy setting, the behavior will be similar to the "Scan encrypted macros" option.
Check Content
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Word 2016 >> Word Options >> Security >> Trust Center >> Scan encrypted macros in Word Open XML documents is set to "Enabled" "Scan encrypted macros (default)". Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\microsoft\office\16.0\word\security If the value WordBypassEncryptedMacroScan does not exist, this is not a finding. If the value is REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Word 2016 >> Word Options >> Security >> Trust Center >> Scan encrypted macros in Word Open XML documents to "Enabled" "Scan encrypted macros (default)".
Additional Identifiers
Rule ID: SV-223401r879630_rule
Vulnerability ID: V-223401
Group Title: SRG-APP-000210
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001170 |
The information system prevents the automatic execution of mobile code in organization-defined software applications. |
Controls
Number | Title |
---|---|
SC-18 (4) |
Prevent Automatic Execution |