Check: O365-VI-000004
Microsoft Office 365 ProPlus STIG:
O365-VI-000004
(in versions v2 r12 through v1 r1)
Title
Visio 2000-2002 Binary Drawings, Templates and Stencils must be blocked. (Cat II impact)
Discussion
This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title of this policy setting. If you enable this policy setting, you can specify whether users can open or save files. The options that can be selected are below. Note: Not all options may be available for this policy setting. -Do not block: The file type will not be blocked. -Save blocked: Saving of the filet type will be blocked. -Open/Save blocked: Both opening and saving of the file type will be blocked. If you disable or do not configure this policy setting, the file type will be blocked.
Check Content
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Visio 2016 >> Visio Options >> Security >> Trust Center >> File Block Settings "Visio 2000-2002 Binary Drawings, Templates and Stencils" is set to "Enabled" and "Open/Save blocked". Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\visio\security\fileblock If the value "visio2000files" is REG_DWORD = 2, this is not a finding.
Fix Text
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Visio 2016 >> Visio Options >> Security >> Trust Center >> File Block Settings "Visio 2000-2002 Binary Drawings, Templates and Stencils" to "Enabled" and "Open/Save blocked".
Additional Identifiers
Rule ID: SV-223396r879628_rule
Vulnerability ID: V-223396
Group Title: SRG-APP-000207
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001662 |
The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified. |
Controls
Number | Title |
---|---|
SC-18 (1) |
Identify Unacceptable Code / Take Corrective Actions |