STIGQter: STIG Summary: Microsoft Office 365 ProPlus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Local Machine Zone Lockdown Security must be enabled in all Office programs.

DISA Rule

SV-223300r508019_rule

Vulnerability Number

V-223300

Group Title

SRG-APP-000516

Rule Version

O365-CO-000018

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2016 (Machine) >> Security Settings >> IE Security >> Local Machine Zone Lockdown to "Enabled" and select the check boxes for all installed Office programs.

Check Contents

Verify the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2016 (Machine) >> Security Settings >> IE Security >> Local Machine Zone Lockdown Security is set to "Enabled" and the check box is selected for every installed Office program.

Use the Windows Registry Editor to navigate to the following key:

HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown

If the value for all installed Office programs is REG_DWORD = 1, this is not a finding.

Vulnerability Number

V-223300

Documentable

False

Rule Version

O365-CO-000018

Severity Override Guidance

Verify the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2016 (Machine) >> Security Settings >> IE Security >> Local Machine Zone Lockdown Security is set to "Enabled" and the check box is selected for every installed Office program.

Use the Windows Registry Editor to navigate to the following key:

HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown

If the value for all installed Office programs is REG_DWORD = 1, this is not a finding.

Check Content Reference

M

Target Key

4099

Comments