UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Key Usage Filtering must be allowed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-26629 DTOO311 - Office System SV-34085r1_rule ECSC-1 Medium
Description
This policy setting allows you to filter a list of digital certificates for signing Excel, PowerPoint, and Word documents, based on the Key Usage field. The Key Usage field in a certificate is used to represent a series of basic constraints about the broad types of operations that can be performed with the certificate. Key usage filtering allows you to filter the list of installed certificates that can be used for signing documents. The filtered list will appear when users attempt to select a certificate for digitally signing a document.
STIG Date
Microsoft Office System 2010 2012-06-22

Details

Check Text ( C-34225r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Signing “Key Usage Filtering” must be set to “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\common\general

Criteria: If the value FilterDigitalSignatureCert is REG_DWORD = 1, this is not a finding.
Fix Text (F-29915r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Signing “Key Usage Filtering” to “Enabled”.