UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Untrusted database files must be opened in Excel in Protected View mode.


Overview

Finding ID Version Rule ID IA Controls Severity
V-99753 O365-EX-000030 SV-108857r2_rule Medium
Description
This policy setting controls whether database files (.dbf) opened from an untrusted location are always opened in Protected View. If you enable this policy setting, database files opened from an untrusted location are always opened in Protected View. Users will not be able to change this setting under File >> Options >> Trust Center >> Trust Center Settings >> Protected View. If you disable or do not configure this policy setting, database files opened from an untrusted location are not opened in Protected View, unless users have changed this setting in the Trust Center. Note: This policy setting only applies to subscription versions of Office, such as Office 365 ProPlus.
STIG Date
Microsoft Office 365 ProPlus Security Technical Implementation Guide 2020-06-17

Details

Check Text ( C-98603r5_chk )
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Security >> Trust Center >> External Content >> Protected View Always open untrusted database files in Protected View is set to "Enabled".

Use the Windows Registry Editor to navigate to the following key:

Microsoft Excel 2016\Excel Options\Security\Trust Center\Protected View

If the value for enabledatabasefileprotectedview is REG_DWORD = 1, this is not a finding.
Fix Text (F-105437r4_fix)
Set policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Security >> Trust Center >> External Content >> Always open untrusted database files in Protected View to "Enabled".