When using the Office Feedback tool, the ability to include a screenshot must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-40880 | DTOO410 | SV-53212r2_rule | Medium |
| Description |
|---|
| The "Office Feedback" tool, also called "Send-a-Smile", allows a user to click on an icon and send feedback to Microsoft. The "Office Feedback" Tool must be configured to be disabled. In the event that the Office Feedback Tool has not been configured correctly as disabled, this policy configures whether the uploading of screenshots via the tool is allowed and should also be disabled. Uploading screenshots to a commercial vendor from a DoD computer may unintentionally reveal configuration and/or FOUO content. |
| STIG | Date |
|---|---|
| Microsoft Office System 2013 STIG | 2017-06-20 |
Details
| Check Text ( C-47518r5_chk ) |
|---|
| Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center >>"Allow including screenshot with Office Feedback" is set to "Disabled". Use the Windows Registry Editor to navigate to the following hive: HKEY_Users For every users profile hive under HKEY_Users, navigate to the following key: \software\policies\Microsoft\office\15.0\common\feedback If the value “includescreenshot” is REG_DWORD = 0 for every user profile hive, this is not a finding. |
| Fix Text (F-46138r3_fix) |
|---|
| Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Privacy -> Trust Center -> "Allow including screenshot with Office Feedback" to "Disabled". |