Microsoft Access 2007

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Access 2007

Overview

Version	Date	Finding Count (11)			Downloads
4	2016-06-30 2014-01-07 2014-01-07 2014-01-07 2014-01-07 2014-01-07 2015-12-29 2015-12-29	CAT I (High): 0	CAT II (Med): 11	CAT III (Low): 0	Excel	JSON	XML

STIG Description
The Microsoft Access 2007 STIG is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC III - Administrative Sensitive)

Finding ID	Severity	Title	Description
V-17187	Medium	Disable Trust Bar Notification for unsigned application add-ins - Access	By default, if an application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will...
V-17184	Medium	No pop-ups - Access	The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of...
V-17183	Medium	Block navigation to URL embedded in Office products to protect against attack by malformed URL.	To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007...
V-17173	Medium	Disable user name and password syntax from being used in URLs	The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com. A malicious user might use this URL syntax to...
V-17174	Medium	Bind to Object - Access	Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the...
V-17175	Medium	Saved from URL - Access	Typically, when Internet Explorer loads a web page from a UNC share that contains a Mark of the Web (MOTW) comment that indicates the page was saved from a site on the Internet, Internet Explorer...
V-17810	Medium	Enable the feature to underline hyperlinks in Access.	By default, Access 2007 underlines hyperlinks that appear in tables, queries, forms, and reports. If this configuration is changed, users might click on dangerous hyperlinks without realizing it,...
V-17545	Medium	Enable Warning Bar settings for VBA macros contained in Access Files.	By default, when users open files in the specified applications that contain VBA macros, the applications open the files with the macros disabled and display the Trust Bar with a warning that...
V-17603	Medium	Do not Prompt to convert when opening older databases - Access.	By default, when users open databases that were created in the Access 97 file format, Access 2007 prompts them to convert the database to a newer file format. Users can choose to convert the...
V-17584	Medium	Set the default saved file format for Access.	By default, when users create new database files, Access 2007 saves them in the new Access 2007 format. Users can change this functionality by clicking the Office button, clicking Access Options,...
V-17757	Medium	Enable Modal Trust Decision Only - Access	By default, when users open an untrusted Access 2007 database that contains user-programmed executable components, Access opens the database with the components disabled and displays the Message...