STIGQter: STIG Summary: Microsoft Project 2013 STIG Version: 1 Release: 4 Benchmark Date: 27 Apr 2018:

Trust Bar Notifications for unsigned application add-ins must be blocked.

DISA Rule

SV-53228r1_rule

Vulnerability Number

V-40889

Group Title

DTOO131 - Trust Bar Notifications

Rule Version

DTOO131

Severity

CAT II

CCI(s)

CCI-001749 - The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

Weight

Fix Recommendation

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Project 2013 -> Project Options -> Security -> Trust Center -> "Disable Trust Bar Notification for unsigned application add-ins and block them" to "Enabled".

Check Contents

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Project 2013 -> Project Options -> Security -> Trust Center -> "Disable Trust Bar Notification for unsigned application add-ins and block them" is set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\software\policies\Microsoft\office\15.0\ms project\security

Criteria: If the value notbpromptunsignedaddin is REG_DWORD = 1, this is not a finding.

Trust Bar Notifications for unsigned application add-ins must be blocked.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments