Check: O365-EX-000032
Microsoft Office 365 ProPlus STIG: O365-EX-000032 (in versions v2 r12 through v1 r2)
Title
Files from unsafe locations must be opened in Excel in Protected View mode. (Cat II impact)
Discussion
This policy setting lets you determine if files located in unsafe locations will open in Protected View. If you have not specified unsafe locations, only the "Downloaded Program Files" and "Temporary Internet Files" folders are considered unsafe locations. If you enable this policy setting, files located in unsafe locations do not open in Protected View. If you disable or do not configure this policy setting, files located in unsafe locations open in Protected View.
Check Content
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Security >> Trust Center >> Protected View >> Do not open files in unsafe locations in Protected View is set to "Disabled".
Use the Windows Registry Editor to navigate to the following key:
HKCU\software\policies\microsoft\office\16.0\excel\security\protectedview
If the value DisableUnsafeLocationsInPV is REG_DWORD = 0, this is not a finding.
If the value does not exist, this is not a finding.
If the value is REG_DWORD = 1, this is a finding.
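The registry check above can be scripted. The following PowerShell is an added example, not part of the STIG; the function name Test-ExcelUnsafeLocationsPV and the shape of the returned object are assumptions made for illustration, while the key path and value name come from the check text.

```powershell
# Added example: evaluates O365-EX-000032 for the user running the script.
# The function name and output object are assumptions made for this example.
function Test-ExcelUnsafeLocationsPV {
    [CmdletBinding()]
    param(
        # Key path and value name are taken from the Check Content text.
        [string]$KeyPath   = 'HKCU:\software\policies\microsoft\office\16.0\excel\security\protectedview',
        [string]$ValueName = 'DisableUnsafeLocationsInPV'
    )

    $result = [ordered]@{
        Check   = 'O365-EX-000032'
        Key     = $KeyPath
        Value   = $null
        Kind    = $null
        Finding = $false
        Reason  = ''
    }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $ValueName) {
        # Missing key or value: the check text treats this as not a finding.
        $result.Reason = 'Value does not exist'
        return [pscustomobject]$result
    }

    $result.Value = $key.GetValue($ValueName)
    $result.Kind  = $key.GetValueKind($ValueName)

    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        # The check defines outcomes only for REG_DWORD; leave this for manual review.
        $result.Reason = "Unexpected type $($result.Kind); review manually"
    }
    elseif ($result.Value -eq 1) {
        $result.Finding = $true
        $result.Reason  = 'REG_DWORD = 1'
    }
    elseif ($result.Value -eq 0) {
        $result.Reason = 'REG_DWORD = 0'
    }
    else {
        $result.Reason = "REG_DWORD = $($result.Value); not covered by the check text"
    }
    [pscustomobject]$result
}

Test-ExcelUnsafeLocationsPV
```

Because the key lives under HKCU, the result applies only to the account that runs the script, so run it in the session of the user being assessed.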
Fix Text
Set policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Security >> Trust Center >> Protected View >> Do not open files in unsafe locations in Protected View to "Disabled".
Additional Identifiers
Rule ID: SV-223341r879630_rule
Vulnerability ID: V-223341
Group Title: SRG-APP-000210
CCIs
Number | Definition |
---|---|
CCI-001170 | The information system prevents the automatic execution of mobile code in organization-defined software applications. |
Controls
Number | Title |
---|---|
SC-18 (4) | Prevent Automatic Execution |