When using the Office Feedback tool, the ability to include a screenshot must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-228525	DTOO410	SV-228525r508020_rule		Medium

Description
The "Office Feedback" tool, also called "Send-a-Smile", allows a user to click on an icon and send feedback to Microsoft. The "Office Feedback" Tool must be configured to be disabled. In the event that the Office Feedback Tool has not been configured correctly as disabled, this policy configures whether the uploading of screenshots via the tool is allowed and should also be disabled. Uploading screenshots to a commercial vendor from a DoD computer may unintentionally reveal configuration and/or FOUO content.

Description

The "Office Feedback" tool, also called "Send-a-Smile", allows a user to click on an icon and send feedback to Microsoft. The "Office Feedback" Tool must be configured to be disabled. In the event that the Office Feedback Tool has not been configured correctly as disabled, this policy configures whether the uploading of screenshots via the tool is allowed and should also be disabled. Uploading screenshots to a commercial vendor from a DoD computer may unintentionally reveal configuration and/or FOUO content.

STIG	Date
Microsoft Office System 2013 Security Technical Implementation Guide	2020-09-25

Details

Check Text ( C-30758r498853_chk )
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center >>"Allow including screenshot with Office Feedback" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\feedback If the value 'includescreenshot' is REG_DWORD = 0, this is not a finding.

Fix Text (F-30743r498854_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Privacy -> Trust Center -> "Allow including screenshot with Office Feedback" to "Disabled".