UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft InfoPath 2010 STIG


Overview

Date Finding Count (24)
2018-04-03 CAT I (High): 0 CAT II (Med): 24 CAT III (Low): 0
STIG Description
Settings in this guidance assume a complete installation of Microsoft Office 2010 on the Windows 7 Platform. Registry paths and values identified in each control assume the use of Group Policy Administrative Templates. Installations not using Group Policies to administer Microsoft Office products may observe alternate registry paths for stored configuration values. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-17187 Medium Trust Bar Notifications for unsigned application add-ins must be blocked.
V-17667 Medium Disabling sending form templates with the email forms must be configured.
V-26620 Medium Disabling opening forms with managed code from the Internet security zone must be configured.
V-17580 Medium Opening behavior for EMail forms containing code or scripts must be controlled.
V-17663 Medium Disabling the opening of solutions from the Internet Security Zone must be configured.
V-17764 Medium Unsafe file types must be prevented from being attached to InfoPath forms.
V-17745 Medium Beaconing UI shown for opened forms must be configured.
V-17746 Medium Beaconing of UI forms with ActiveX controls must be enforced.
V-17668 Medium InfoPath 2003 forms as email forms in InfoPath 2010 must be disallowed.
V-26590 Medium Data Execution Prevention must be enforced.
V-26697 Medium The InfoPath APTCA Assembly Allowable List must be enforced.
V-17611 Medium Email with InfoPath forms must be configured to show UI to recipients.
V-26619 Medium InfoPath e-mail forms in Outlook must be disallowed.
V-26618 Medium InfoPath must be enforced to not use e-mail forms from the Intranet security zone.
V-17658 Medium Disabling of Fully Trusted Solutions access to computers must be configured.
V-17657 Medium Disabling email forms running in Restricted Security Level must be configured.
V-17656 Medium Disabling email forms from the Internet Security Zone must be configured.
V-17655 Medium Disabling of email forms from the Full Trust Security Zone must be configured.
V-17654 Medium Dynamic caching of InfoPath eMail forms must be disabled.
V-17758 Medium Offline Mode capability to cache queries for offline mode must be configured.
V-26589 Medium Application add-ins must be signed by Trusted Publisher.
V-26621 Medium A form that is digitally signed must be displayed with a warning.
V-17471 Medium All automatic loading from Trusted Locations must be disabled.
V-17576 Medium Redirection behavior for upgraded web sites by SharePoint must be blocked.