The ability to run unsecure Office apps must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-70895 | DTOO412 | SV-85519r1_rule | Medium |
| Description |
|---|
| Unsecure apps for Office, which are apps that have web page or catalog locations that are not SSL-secured (https://), and/or are not in users' Internet zones may allow data to be transmitted/accessed via clear text to outside sources. By configuring this policy to be disabled, users will be prevented from transmitting/accessing data in a nonsecure manner. |
| STIG | Date |
|---|---|
| Microsoft Office System 2016 STIG | 2016-12-21 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-46141r1_fix) |
|---|
| Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2016 -> Security Settings -> Trust Center -> Trusted Catalogs "Allow Unsecure Apps and Catalogs" to "Disabled". |