UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A form that is digitally signed must be displayed with a warning.


Overview

Finding ID Version Rule ID IA Controls Severity
V-26621 DTOO297 SV-53432r1_rule ECSC-1 Medium
Description
This setting controls whether or not the user sees a dialog box when opening Microsoft InfoPath forms containing digitally signed content. By default, InfoPath shows the user a warning message when the form contains a digital signature. By being aware of a digitally signed form, the user will be able to check the validity of the signature. Otherwise, the forms may have been maliciously modified and will be invalidated.
STIG Date
Microsoft InfoPath 2013 STIG 2014-01-06

Details

Check Text ( C-47665r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2013 -> Security "Display a warning that a form is digitally signed" must be set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\15.0\InfoPath\security

Criteria: If the value SignatureWarning is REG_DWORD = 1, this is not a finding.
Fix Text (F-46356r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2013 -> Security "Display a warning that a form is digitally signed" to "Enabled".