Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6328 | DTOO003 | SV-6398r1_rule | ECSC-1 | Medium |
Description |
---|
This could potentially send sensitive application data to the vendor and needs to be disabled. |
STIG | Date |
---|---|
Microsoft InfoPath 2003 | 2014-10-03 |
Check Text ( C-626r1_chk ) |
---|
Procedure: Use the Windows Registry Editor to navigate to the following key for Office XP: HKCU\Software\Policies\Microsoft\Office\10.0\Common. Look for the DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection value names. Use the Windows Registry Editor to navigate to the following key for Office 2003: HKCU\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW. Look for the DWReportee or DWNeverUpload value names. Criteria: For Office XP, if the value data for DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection is not 1 (the number one) or the key is not found, then this is a Finding. For Office 2003, if the value data for DWReportee or DWNeverUpload entry is not 1 (the number one) or the key is not found, this is a finding. |
Fix Text (F-5851r1_fix) |
---|
For Office XP, navigate to registry key HKCU\Software\Policies\Microsoft\Office\10.0\Common. Change the values for DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection to 1 (the number one). If the key does not exist, add it with the values at 1. For Office 2003, change the value of DWReportee or DWNeverUpload to 1 (the number one). If either key does not exist, add it with the value 1. |