UCF STIG Viewer Logo

Microsoft InfoPath 2013 STIG


Date Finding Count (23)
2018-04-03 CAT I (High): 0 CAT II (Med): 23 CAT III (Low): 0
STIG Description
The Microsoft InfoPath 2013 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-17187 Medium Trust Bar Notifications for unsigned application add-ins must be blocked.
V-17667 Medium Disabling sending form templates with the email forms must be configured.
V-26620 Medium Disabling opening forms with managed code from the Internet security zone must be configured.
V-17580 Medium Opening behavior for Email forms containing code or scripts must be controlled.
V-17663 Medium Disabling the opening of solutions from the Internet Security Zone must be configured.
V-17764 Medium Unsafe file types must be prevented from being attached to InfoPath forms.
V-17745 Medium Beaconing UI shown for opened forms must be configured.
V-17746 Medium Beaconing of UI forms with ActiveX controls must be enforced.
V-17668 Medium InfoPath 2003 forms as email forms in InfoPath 2013 must be disallowed.
V-26697 Medium The InfoPath APTCA Assembly Allowable List must be enforced.
V-17611 Medium Email with InfoPath forms must be configured to show UI to recipients.
V-26619 Medium InfoPath email forms in Outlook must be disallowed.
V-26618 Medium InfoPath must be enforced to not use email forms from the Intranet security zone.
V-17658 Medium Disabling of Fully Trusted Solutions access to computers must be configured.
V-17657 Medium Disabling email forms running in Restricted Security Level must be configured.
V-17656 Medium Disabling email forms from the Internet Security Zone must be configured.
V-17655 Medium Disabling of email forms from the Full Trust Security Zone must be configured.
V-17654 Medium Disable dynamic caching of the form template in InfoPath eMail forms.
V-17758 Medium Offline Mode capability to cache queries for offline mode must be configured.
V-26589 Medium Add-ins to Office applications must be signed by a Trusted Publisher.
V-26621 Medium A form that is digitally signed must be displayed with a warning.
V-17471 Medium All automatic loading from Trusted Locations must be disabled.
V-17576 Medium Redirection behavior for upgraded web sites by SharePoint must be blocked.