STIGQter: STIG Summary: Microsoft PowerPoint 2013 STIG Version: 1 Release: 6 Benchmark Date: 27 Apr 2018:

Document behavior if file validation fails must be set.

DISA Rule

SV-53524r1_rule

Vulnerability Number

V-26616

Group Title

DTOO292 - Set document behavior

Rule Version

DTOO292

Severity

CAT II

CCI(s)

CCI-001170 - The information system prevents the automatic execution of mobile code in organization-defined software applications.

Weight

Fix Recommendation

Set the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2013 -> PowerPoint Options -> Security -> Trust Center -> Protected View "Set document behavior if file validation fails" to "Enabled: Open in Protected View" and Unchecked for "Do not allow edit".

Check Contents

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2013 -> PowerPoint Options -> Security -> Trust Center -> Protected View "Set document behavior if file validation fails" must be "Enabled: Open in Protected View" and Unchecked for "Do not allow edit".

Procedure: Use the Windows Registry Editor to navigate to the following keys:

If both
HKCU\Software\Policies\Microsoft\Office\15.0\PowerPoint\security\filevalidation\OpenInProtectedView is set to REG_DWORD = 1 and HKCU\Software\Policies\Microsoft\Office\15.0\PowerPoint\security\filevalidation\DisableEditFromPV is set to REG_DWORD = 1, this is not a finding.

If either, or both keys are not set to REG_DWORD = 1, this is an open finding.

Document behavior if file validation fails must be set.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments