Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Legacy format signatures must be enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-228520 | DTOO203 | SV-228520r508020_rule | Medium |
| Description |
|---|
| Office applications use the XML-based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 binary documents. XMLDSIG signatures are not recognized by Office 2003 applications or previous versions. If an Office user opens an Excel, PowerPoint, or Word binary document with an XMLDSIG signature attached, the signature will be lost. |
| STIG | Date |
|---|---|
| Microsoft Office System 2013 Security Technical Implementation Guide | 2020-09-25 |
Details
| Check Text ( C-30753r498838_chk ) |
|---|
| Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Signing "Legacy format signatures" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\signatures If the value 'EnableCreationOfWeakXPSignatures' is REG_DWORD = 1, this is not a finding. Fix Text: Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Signing "Legacy format signatures" to "Enabled". |
| Fix Text (F-30738r498839_fix) |
|---|
| Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Signing "Legacy format signatures" to "Enabled". |