Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-17471 | DTOO133 - Word | SV-18531r1_rule | ECSC-1 | Medium |
Description |
---|
Trusted locations specified in the Trust Center are used to define file locations that are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permission. If a dangerous file is opened from a trusted location, it will not be subject to standard security measures and could harm users' computers or data. By default, files located in trusted locations (those specified in the Trust Center) are assumed to be safe. |
STIG | Date |
---|---|
Microsoft Word 2007 | 2014-04-03 |
Check Text ( C-18820r1_chk ) |
---|
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Word 2007 -> Word Options -> Security -> Trust Center -> Trusted Locations “Disable all trusted locations” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Word\Security\Trusted Locations Criteria: If the value AllLocationsDisabled is REG_DWORD = 1, this is not a finding. |
Fix Text (F-17412r1_fix) |
---|
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Word 2007 -> Word Options -> Security -> Trust Center -> Trusted Locations “Disable all trusted locations” will be set to “Enabled”. |