Open/Save actions for web pages and Excel 2003 XML spreadsheets must be blocked.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-26613	DTOO120	SV-53638r2_rule		Low

Description
This policy setting allows for determining whether users can open, view, edit, or save Excel files with the format specified by the title

STIG	Date
Microsoft Excel 2013 STIG	2018-04-03

Details

Check Text ( C-47764r1_chk )
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Web pages and Excel 2003 XML spreadsheets" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value HtmlandXmlssFiles is REG_DWORD = 2, this is not a finding.

Check Text ( C-47764r1_chk )

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Web pages and Excel 2003 XML spreadsheets" is set to "Enabled: Open/Save blocked, use open policy".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock

Criteria: If the value HtmlandXmlssFiles is REG_DWORD = 2, this is not a finding.

Fix Text (F-46564r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Web pages and Excel 2003 XML spreadsheets" to "Enabled: Open/Save blocked, use open policy".