Check: O365-CO-000002
Microsoft Office 365 ProPlus STIG:
O365-CO-000002
(in versions v3 r3 through v1 r1)
Title
Document metadata for rights managed Office Open XML files must be protected. (Cat I impact)
Discussion
This policy setting determines whether metadata is encrypted in Office Open XML files that are protected by Information Rights Management (IRM). If this policy setting is enabled, Excel, PowerPoint, and Word encrypt metadata stored in rights-managed Office Open XML files and override any configuration changes on users' computers. If this policy setting is enabled, Office 2016 applications cannot encrypt metadata in rights-managed Office Open XML files, which can reduce security. If this policy setting is not configured when Information Rights Management (IRM) is used to restrict access to an Office Open XML document, any metadata associated with the document is not encrypted.
Check Content
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Security Settings "Protect document metadata for rights managed Office Open XML Files" is set to "Enabled". Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\common\security If the value DRMEncryptProperty is REG_DWORD = 1, this is not a finding.
Fix Text
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Security Settings "Protect document metadata for rights managed Office Open XML Files" to "Enabled".
Additional Identifiers
Rule ID: SV-223285r1067544_rule
Vulnerability ID: V-223285
Group Title: SRG-APP-000429
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002476 |
Implement cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined system components. |
Controls
Number | Title |
---|---|
SC-28(1) |
Cryptographic Protection |