UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Trust access for VBA must be disallowed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17545 DTOO304 SV-52776r1_rule ECSC-1 Medium
Description
VSTO projects require access to the Visual Basic for Applications project system in Excel, PowerPoint, and Word, even though the projects do not use Visual Basic for Applications. Design-time support of controls in both Visual Basic and C# projects depends on the Visual Basic for Applications project system in Word and Excel. By default, Excel, Word, and PowerPoint do not allow automation clients to have programmatic access to VBA projects. Users can enable this by selecting the Trust access to the VBA project object model in the Macro Settings section of the Trust Center. However, doing so allows macros in any documents the user opens to access the core Visual Basic objects, methods, and properties, which represents a potential security hazard.
STIG Date
Microsoft Access 2013 STIG 2015-04-13

Details

Check Text ( None )
None
Fix Text (F-45702r1_fix)
Set policy value for User Configuration -> Administrative Templates -> Microsoft Access 2013 -> Application Settings -> Security -> Trust Center -> "VBA macro Notification Settings" must be set to "Enabled: Disable all with notification".