StigData/Archive/Office/U_MS_OfficeSystem_2013_STIG_V1R9_Manual-xccdf.xml

<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type='text/xsl' href='STIG_unclass.xsl'?>
<!-- XCCDF 1.1 benchmark (root namespace http://checklists.nist.gov/xccdf/1.1) for the
     Microsoft Office System 2013 STIG.
     NOTE(review): the xml-stylesheet instruction above names a relative XSL file, and the
     root element's xsi:schemaLocation lists http:// schema URLs. Tooling that ingests this
     file should treat both as hints only: validate and transform with locally pinned
     copies, and parse with DTD processing and external-entity resolution disabled. -->
<Benchmark xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cpe="http://cpe.mitre.org/language/2.0"
    xmlns:xhtml="http://www.w3.org/1999/xhtml"
    xmlns:dc="http://purl.org/dc/elements/1.1/" id="Microsoft_Office_System_2013" xml:lang="en" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd"
    xmlns="http://checklists.nist.gov/xccdf/1.1">
    <!-- Benchmark metadata. <version> 1 together with "Release: 9" in release-info
         presumably corresponds to the V1R9 in the archived file name. The status date
         (2019-09-30) and the benchmark date (25 Oct 2019) are separate fields and differ.
         The terms-of-use notice is present but empty. -->
    <status date="2019-09-30">accepted</status>
    <title>Microsoft Office System 2013 STIG</title>
    <description>The Microsoft Office System 2013 STIG is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.</description>
    <notice id="terms-of-use" xml:lang="en"></notice>
    <reference href="http://iase.disa.mil">
        <dc:publisher>DISA</dc:publisher>
        <dc:source>STIG.DOD.MIL</dc:source>
    </reference>
    <plain-text id="release-info">Release: 9 Benchmark Date: 25 Oct 2019</plain-text>
    <version>1</version>
    <!-- Profile MAC-1_Classified, titled "I - Mission Critical Classified". Enables 47
         Groups by idref, V-17547 through V-40887, each with selected="true". The same
         idrefs are listed under every other MAC profile in this benchmark, so as far as
         these select lists go the profile chosen does not change which rules apply.
         The escaped ProfileDescription element is empty. -->
    <Profile id="MAC-1_Classified">
        <title>I - Mission Critical Classified</title>
        <description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description>
        <select idref="V-17547" selected="true" />
        <select idref="V-17560" selected="true" />
        <select idref="V-17581" selected="true" />
        <select idref="V-17583" selected="true" />
        <select idref="V-17590" selected="true" />
        <select idref="V-17605" selected="true" />
        <select idref="V-17612" selected="true" />
        <select idref="V-17617" selected="true" />
        <select idref="V-17619" selected="true" />
        <select idref="V-17627" selected="true" />
        <select idref="V-17659" selected="true" />
        <select idref="V-17660" selected="true" />
        <select idref="V-17661" selected="true" />
        <select idref="V-17664" selected="true" />
        <select idref="V-17665" selected="true" />
        <select idref="V-17669" selected="true" />
        <select idref="V-17670" selected="true" />
        <select idref="V-17731" selected="true" />
        <select idref="V-17740" selected="true" />
        <select idref="V-17741" selected="true" />
        <select idref="V-17749" selected="true" />
        <select idref="V-17750" selected="true" />
        <select idref="V-17759" selected="true" />
        <select idref="V-17765" selected="true" />
        <select idref="V-17768" selected="true" />
        <select idref="V-17769" selected="true" />
        <select idref="V-17773" selected="true" />
        <select idref="V-17805" selected="true" />
        <select idref="V-26630" selected="true" />
        <select idref="V-26704" selected="true" />
        <select idref="V-40858" selected="true" />
        <select idref="V-40859" selected="true" />
        <select idref="V-40860" selected="true" />
        <select idref="V-40861" selected="true" />
        <select idref="V-40862" selected="true" />
        <select idref="V-40863" selected="true" />
        <select idref="V-40864" selected="true" />
        <select idref="V-40875" selected="true" />
        <select idref="V-40879" selected="true" />
        <select idref="V-40880" selected="true" />
        <select idref="V-40881" selected="true" />
        <select idref="V-40882" selected="true" />
        <select idref="V-40883" selected="true" />
        <select idref="V-40884" selected="true" />
        <select idref="V-40885" selected="true" />
        <select idref="V-40886" selected="true" />
        <select idref="V-40887" selected="true" />
    </Profile>
    <!-- Profile MAC-1_Public, titled "I - Mission Critical Public". Enables 47 Groups by
         idref, V-17547 through V-40887, each with selected="true". The same idrefs are
         listed under every other MAC profile in this benchmark, so as far as these
         select lists go the profile chosen does not change which rules apply.
         The escaped ProfileDescription element is empty. -->
    <Profile id="MAC-1_Public">
        <title>I - Mission Critical Public</title>
        <description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description>
        <select idref="V-17547" selected="true" />
        <select idref="V-17560" selected="true" />
        <select idref="V-17581" selected="true" />
        <select idref="V-17583" selected="true" />
        <select idref="V-17590" selected="true" />
        <select idref="V-17605" selected="true" />
        <select idref="V-17612" selected="true" />
        <select idref="V-17617" selected="true" />
        <select idref="V-17619" selected="true" />
        <select idref="V-17627" selected="true" />
        <select idref="V-17659" selected="true" />
        <select idref="V-17660" selected="true" />
        <select idref="V-17661" selected="true" />
        <select idref="V-17664" selected="true" />
        <select idref="V-17665" selected="true" />
        <select idref="V-17669" selected="true" />
        <select idref="V-17670" selected="true" />
        <select idref="V-17731" selected="true" />
        <select idref="V-17740" selected="true" />
        <select idref="V-17741" selected="true" />
        <select idref="V-17749" selected="true" />
        <select idref="V-17750" selected="true" />
        <select idref="V-17759" selected="true" />
        <select idref="V-17765" selected="true" />
        <select idref="V-17768" selected="true" />
        <select idref="V-17769" selected="true" />
        <select idref="V-17773" selected="true" />
        <select idref="V-17805" selected="true" />
        <select idref="V-26630" selected="true" />
        <select idref="V-26704" selected="true" />
        <select idref="V-40858" selected="true" />
        <select idref="V-40859" selected="true" />
        <select idref="V-40860" selected="true" />
        <select idref="V-40861" selected="true" />
        <select idref="V-40862" selected="true" />
        <select idref="V-40863" selected="true" />
        <select idref="V-40864" selected="true" />
        <select idref="V-40875" selected="true" />
        <select idref="V-40879" selected="true" />
        <select idref="V-40880" selected="true" />
        <select idref="V-40881" selected="true" />
        <select idref="V-40882" selected="true" />
        <select idref="V-40883" selected="true" />
        <select idref="V-40884" selected="true" />
        <select idref="V-40885" selected="true" />
        <select idref="V-40886" selected="true" />
        <select idref="V-40887" selected="true" />
    </Profile>
    <!-- Profile MAC-1_Sensitive, titled "I - Mission Critical Sensitive". Enables 47
         Groups by idref, V-17547 through V-40887, each with selected="true". The same
         idrefs are listed under every other MAC profile in this benchmark, so as far as
         these select lists go the profile chosen does not change which rules apply.
         The escaped ProfileDescription element is empty. -->
    <Profile id="MAC-1_Sensitive">
        <title>I - Mission Critical Sensitive</title>
        <description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description>
        <select idref="V-17547" selected="true" />
        <select idref="V-17560" selected="true" />
        <select idref="V-17581" selected="true" />
        <select idref="V-17583" selected="true" />
        <select idref="V-17590" selected="true" />
        <select idref="V-17605" selected="true" />
        <select idref="V-17612" selected="true" />
        <select idref="V-17617" selected="true" />
        <select idref="V-17619" selected="true" />
        <select idref="V-17627" selected="true" />
        <select idref="V-17659" selected="true" />
        <select idref="V-17660" selected="true" />
        <select idref="V-17661" selected="true" />
        <select idref="V-17664" selected="true" />
        <select idref="V-17665" selected="true" />
        <select idref="V-17669" selected="true" />
        <select idref="V-17670" selected="true" />
        <select idref="V-17731" selected="true" />
        <select idref="V-17740" selected="true" />
        <select idref="V-17741" selected="true" />
        <select idref="V-17749" selected="true" />
        <select idref="V-17750" selected="true" />
        <select idref="V-17759" selected="true" />
        <select idref="V-17765" selected="true" />
        <select idref="V-17768" selected="true" />
        <select idref="V-17769" selected="true" />
        <select idref="V-17773" selected="true" />
        <select idref="V-17805" selected="true" />
        <select idref="V-26630" selected="true" />
        <select idref="V-26704" selected="true" />
        <select idref="V-40858" selected="true" />
        <select idref="V-40859" selected="true" />
        <select idref="V-40860" selected="true" />
        <select idref="V-40861" selected="true" />
        <select idref="V-40862" selected="true" />
        <select idref="V-40863" selected="true" />
        <select idref="V-40864" selected="true" />
        <select idref="V-40875" selected="true" />
        <select idref="V-40879" selected="true" />
        <select idref="V-40880" selected="true" />
        <select idref="V-40881" selected="true" />
        <select idref="V-40882" selected="true" />
        <select idref="V-40883" selected="true" />
        <select idref="V-40884" selected="true" />
        <select idref="V-40885" selected="true" />
        <select idref="V-40886" selected="true" />
        <select idref="V-40887" selected="true" />
    </Profile>
    <!-- Profile MAC-2_Classified, titled "II - Mission Support Classified". Enables 47
         Groups by idref, V-17547 through V-40887, each with selected="true". The same
         idrefs are listed under every other MAC profile in this benchmark, so as far as
         these select lists go the profile chosen does not change which rules apply.
         The escaped ProfileDescription element is empty. -->
    <Profile id="MAC-2_Classified">
        <title>II - Mission Support Classified</title>
        <description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description>
        <select idref="V-17547" selected="true" />
        <select idref="V-17560" selected="true" />
        <select idref="V-17581" selected="true" />
        <select idref="V-17583" selected="true" />
        <select idref="V-17590" selected="true" />
        <select idref="V-17605" selected="true" />
        <select idref="V-17612" selected="true" />
        <select idref="V-17617" selected="true" />
        <select idref="V-17619" selected="true" />
        <select idref="V-17627" selected="true" />
        <select idref="V-17659" selected="true" />
        <select idref="V-17660" selected="true" />
        <select idref="V-17661" selected="true" />
        <select idref="V-17664" selected="true" />
        <select idref="V-17665" selected="true" />
        <select idref="V-17669" selected="true" />
        <select idref="V-17670" selected="true" />
        <select idref="V-17731" selected="true" />
        <select idref="V-17740" selected="true" />
        <select idref="V-17741" selected="true" />
        <select idref="V-17749" selected="true" />
        <select idref="V-17750" selected="true" />
        <select idref="V-17759" selected="true" />
        <select idref="V-17765" selected="true" />
        <select idref="V-17768" selected="true" />
        <select idref="V-17769" selected="true" />
        <select idref="V-17773" selected="true" />
        <select idref="V-17805" selected="true" />
        <select idref="V-26630" selected="true" />
        <select idref="V-26704" selected="true" />
        <select idref="V-40858" selected="true" />
        <select idref="V-40859" selected="true" />
        <select idref="V-40860" selected="true" />
        <select idref="V-40861" selected="true" />
        <select idref="V-40862" selected="true" />
        <select idref="V-40863" selected="true" />
        <select idref="V-40864" selected="true" />
        <select idref="V-40875" selected="true" />
        <select idref="V-40879" selected="true" />
        <select idref="V-40880" selected="true" />
        <select idref="V-40881" selected="true" />
        <select idref="V-40882" selected="true" />
        <select idref="V-40883" selected="true" />
        <select idref="V-40884" selected="true" />
        <select idref="V-40885" selected="true" />
        <select idref="V-40886" selected="true" />
        <select idref="V-40887" selected="true" />
    </Profile>
    <!-- Profile MAC-2_Public, titled "II - Mission Support Public". Enables 47 Groups by
         idref, V-17547 through V-40887, each with selected="true". The same idrefs are
         listed under every other MAC profile in this benchmark, so as far as these
         select lists go the profile chosen does not change which rules apply.
         The escaped ProfileDescription element is empty. -->
    <Profile id="MAC-2_Public">
        <title>II - Mission Support Public</title>
        <description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description>
        <select idref="V-17547" selected="true" />
        <select idref="V-17560" selected="true" />
        <select idref="V-17581" selected="true" />
        <select idref="V-17583" selected="true" />
        <select idref="V-17590" selected="true" />
        <select idref="V-17605" selected="true" />
        <select idref="V-17612" selected="true" />
        <select idref="V-17617" selected="true" />
        <select idref="V-17619" selected="true" />
        <select idref="V-17627" selected="true" />
        <select idref="V-17659" selected="true" />
        <select idref="V-17660" selected="true" />
        <select idref="V-17661" selected="true" />
        <select idref="V-17664" selected="true" />
        <select idref="V-17665" selected="true" />
        <select idref="V-17669" selected="true" />
        <select idref="V-17670" selected="true" />
        <select idref="V-17731" selected="true" />
        <select idref="V-17740" selected="true" />
        <select idref="V-17741" selected="true" />
        <select idref="V-17749" selected="true" />
        <select idref="V-17750" selected="true" />
        <select idref="V-17759" selected="true" />
        <select idref="V-17765" selected="true" />
        <select idref="V-17768" selected="true" />
        <select idref="V-17769" selected="true" />
        <select idref="V-17773" selected="true" />
        <select idref="V-17805" selected="true" />
        <select idref="V-26630" selected="true" />
        <select idref="V-26704" selected="true" />
        <select idref="V-40858" selected="true" />
        <select idref="V-40859" selected="true" />
        <select idref="V-40860" selected="true" />
        <select idref="V-40861" selected="true" />
        <select idref="V-40862" selected="true" />
        <select idref="V-40863" selected="true" />
        <select idref="V-40864" selected="true" />
        <select idref="V-40875" selected="true" />
        <select idref="V-40879" selected="true" />
        <select idref="V-40880" selected="true" />
        <select idref="V-40881" selected="true" />
        <select idref="V-40882" selected="true" />
        <select idref="V-40883" selected="true" />
        <select idref="V-40884" selected="true" />
        <select idref="V-40885" selected="true" />
        <select idref="V-40886" selected="true" />
        <select idref="V-40887" selected="true" />
    </Profile>
    <!-- Profile MAC-2_Sensitive, titled "II - Mission Support Sensitive". Enables 47
         Groups by idref, V-17547 through V-40887, each with selected="true". The same
         idrefs are listed under every other MAC profile in this benchmark, so as far as
         these select lists go the profile chosen does not change which rules apply.
         The escaped ProfileDescription element is empty. -->
    <Profile id="MAC-2_Sensitive">
        <title>II - Mission Support Sensitive</title>
        <description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description>
        <select idref="V-17547" selected="true" />
        <select idref="V-17560" selected="true" />
        <select idref="V-17581" selected="true" />
        <select idref="V-17583" selected="true" />
        <select idref="V-17590" selected="true" />
        <select idref="V-17605" selected="true" />
        <select idref="V-17612" selected="true" />
        <select idref="V-17617" selected="true" />
        <select idref="V-17619" selected="true" />
        <select idref="V-17627" selected="true" />
        <select idref="V-17659" selected="true" />
        <select idref="V-17660" selected="true" />
        <select idref="V-17661" selected="true" />
        <select idref="V-17664" selected="true" />
        <select idref="V-17665" selected="true" />
        <select idref="V-17669" selected="true" />
        <select idref="V-17670" selected="true" />
        <select idref="V-17731" selected="true" />
        <select idref="V-17740" selected="true" />
        <select idref="V-17741" selected="true" />
        <select idref="V-17749" selected="true" />
        <select idref="V-17750" selected="true" />
        <select idref="V-17759" selected="true" />
        <select idref="V-17765" selected="true" />
        <select idref="V-17768" selected="true" />
        <select idref="V-17769" selected="true" />
        <select idref="V-17773" selected="true" />
        <select idref="V-17805" selected="true" />
        <select idref="V-26630" selected="true" />
        <select idref="V-26704" selected="true" />
        <select idref="V-40858" selected="true" />
        <select idref="V-40859" selected="true" />
        <select idref="V-40860" selected="true" />
        <select idref="V-40861" selected="true" />
        <select idref="V-40862" selected="true" />
        <select idref="V-40863" selected="true" />
        <select idref="V-40864" selected="true" />
        <select idref="V-40875" selected="true" />
        <select idref="V-40879" selected="true" />
        <select idref="V-40880" selected="true" />
        <select idref="V-40881" selected="true" />
        <select idref="V-40882" selected="true" />
        <select idref="V-40883" selected="true" />
        <select idref="V-40884" selected="true" />
        <select idref="V-40885" selected="true" />
        <select idref="V-40886" selected="true" />
        <select idref="V-40887" selected="true" />
    </Profile>
    <!-- Profile MAC-3_Classified, titled "III - Administrative Classified". Enables 47
         Groups by idref, V-17547 through V-40887, each with selected="true". The same
         idrefs are listed under every other MAC profile in this benchmark, so as far as
         these select lists go the profile chosen does not change which rules apply.
         The escaped ProfileDescription element is empty. -->
    <Profile id="MAC-3_Classified">
        <title>III - Administrative Classified</title>
        <description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description>
        <select idref="V-17547" selected="true" />
        <select idref="V-17560" selected="true" />
        <select idref="V-17581" selected="true" />
        <select idref="V-17583" selected="true" />
        <select idref="V-17590" selected="true" />
        <select idref="V-17605" selected="true" />
        <select idref="V-17612" selected="true" />
        <select idref="V-17617" selected="true" />
        <select idref="V-17619" selected="true" />
        <select idref="V-17627" selected="true" />
        <select idref="V-17659" selected="true" />
        <select idref="V-17660" selected="true" />
        <select idref="V-17661" selected="true" />
        <select idref="V-17664" selected="true" />
        <select idref="V-17665" selected="true" />
        <select idref="V-17669" selected="true" />
        <select idref="V-17670" selected="true" />
        <select idref="V-17731" selected="true" />
        <select idref="V-17740" selected="true" />
        <select idref="V-17741" selected="true" />
        <select idref="V-17749" selected="true" />
        <select idref="V-17750" selected="true" />
        <select idref="V-17759" selected="true" />
        <select idref="V-17765" selected="true" />
        <select idref="V-17768" selected="true" />
        <select idref="V-17769" selected="true" />
        <select idref="V-17773" selected="true" />
        <select idref="V-17805" selected="true" />
        <select idref="V-26630" selected="true" />
        <select idref="V-26704" selected="true" />
        <select idref="V-40858" selected="true" />
        <select idref="V-40859" selected="true" />
        <select idref="V-40860" selected="true" />
        <select idref="V-40861" selected="true" />
        <select idref="V-40862" selected="true" />
        <select idref="V-40863" selected="true" />
        <select idref="V-40864" selected="true" />
        <select idref="V-40875" selected="true" />
        <select idref="V-40879" selected="true" />
        <select idref="V-40880" selected="true" />
        <select idref="V-40881" selected="true" />
        <select idref="V-40882" selected="true" />
        <select idref="V-40883" selected="true" />
        <select idref="V-40884" selected="true" />
        <select idref="V-40885" selected="true" />
        <select idref="V-40886" selected="true" />
        <select idref="V-40887" selected="true" />
    </Profile>
    <!-- Profile MAC-3_Public, titled "III - Administrative Public". Enables 47 Groups by
         idref, V-17547 through V-40887, each with selected="true". The same idrefs are
         listed under every other MAC profile in this benchmark, so as far as these
         select lists go the profile chosen does not change which rules apply.
         The escaped ProfileDescription element is empty. -->
    <Profile id="MAC-3_Public">
        <title>III - Administrative Public</title>
        <description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description>
        <select idref="V-17547" selected="true" />
        <select idref="V-17560" selected="true" />
        <select idref="V-17581" selected="true" />
        <select idref="V-17583" selected="true" />
        <select idref="V-17590" selected="true" />
        <select idref="V-17605" selected="true" />
        <select idref="V-17612" selected="true" />
        <select idref="V-17617" selected="true" />
        <select idref="V-17619" selected="true" />
        <select idref="V-17627" selected="true" />
        <select idref="V-17659" selected="true" />
        <select idref="V-17660" selected="true" />
        <select idref="V-17661" selected="true" />
        <select idref="V-17664" selected="true" />
        <select idref="V-17665" selected="true" />
        <select idref="V-17669" selected="true" />
        <select idref="V-17670" selected="true" />
        <select idref="V-17731" selected="true" />
        <select idref="V-17740" selected="true" />
        <select idref="V-17741" selected="true" />
        <select idref="V-17749" selected="true" />
        <select idref="V-17750" selected="true" />
        <select idref="V-17759" selected="true" />
        <select idref="V-17765" selected="true" />
        <select idref="V-17768" selected="true" />
        <select idref="V-17769" selected="true" />
        <select idref="V-17773" selected="true" />
        <select idref="V-17805" selected="true" />
        <select idref="V-26630" selected="true" />
        <select idref="V-26704" selected="true" />
        <select idref="V-40858" selected="true" />
        <select idref="V-40859" selected="true" />
        <select idref="V-40860" selected="true" />
        <select idref="V-40861" selected="true" />
        <select idref="V-40862" selected="true" />
        <select idref="V-40863" selected="true" />
        <select idref="V-40864" selected="true" />
        <select idref="V-40875" selected="true" />
        <select idref="V-40879" selected="true" />
        <select idref="V-40880" selected="true" />
        <select idref="V-40881" selected="true" />
        <select idref="V-40882" selected="true" />
        <select idref="V-40883" selected="true" />
        <select idref="V-40884" selected="true" />
        <select idref="V-40885" selected="true" />
        <select idref="V-40886" selected="true" />
        <select idref="V-40887" selected="true" />
    </Profile>
    <!-- Profile MAC-3_Sensitive, titled "III - Administrative Sensitive". Enables 47
         Groups by idref, V-17547 through V-40887, each with selected="true". The same
         idrefs are listed under every other MAC profile in this benchmark, so as far as
         these select lists go the profile chosen does not change which rules apply.
         The escaped ProfileDescription element is empty. -->
    <Profile id="MAC-3_Sensitive">
        <title>III - Administrative Sensitive</title>
        <description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description>
        <select idref="V-17547" selected="true" />
        <select idref="V-17560" selected="true" />
        <select idref="V-17581" selected="true" />
        <select idref="V-17583" selected="true" />
        <select idref="V-17590" selected="true" />
        <select idref="V-17605" selected="true" />
        <select idref="V-17612" selected="true" />
        <select idref="V-17617" selected="true" />
        <select idref="V-17619" selected="true" />
        <select idref="V-17627" selected="true" />
        <select idref="V-17659" selected="true" />
        <select idref="V-17660" selected="true" />
        <select idref="V-17661" selected="true" />
        <select idref="V-17664" selected="true" />
        <select idref="V-17665" selected="true" />
        <select idref="V-17669" selected="true" />
        <select idref="V-17670" selected="true" />
        <select idref="V-17731" selected="true" />
        <select idref="V-17740" selected="true" />
        <select idref="V-17741" selected="true" />
        <select idref="V-17749" selected="true" />
        <select idref="V-17750" selected="true" />
        <select idref="V-17759" selected="true" />
        <select idref="V-17765" selected="true" />
        <select idref="V-17768" selected="true" />
        <select idref="V-17769" selected="true" />
        <select idref="V-17773" selected="true" />
        <select idref="V-17805" selected="true" />
        <select idref="V-26630" selected="true" />
        <select idref="V-26704" selected="true" />
        <select idref="V-40858" selected="true" />
        <select idref="V-40859" selected="true" />
        <select idref="V-40860" selected="true" />
        <select idref="V-40861" selected="true" />
        <select idref="V-40862" selected="true" />
        <select idref="V-40863" selected="true" />
        <select idref="V-40864" selected="true" />
        <select idref="V-40875" selected="true" />
        <select idref="V-40879" selected="true" />
        <select idref="V-40880" selected="true" />
        <select idref="V-40881" selected="true" />
        <select idref="V-40882" selected="true" />
        <select idref="V-40883" selected="true" />
        <select idref="V-40884" selected="true" />
        <select idref="V-40885" selected="true" />
        <select idref="V-40886" selected="true" />
        <select idref="V-40887" selected="true" />
    </Profile>
    <Group id="V-17547">
        <!-- DTOO191 (medium): the policy "ActiveX Control Initialization" must be
             "Disabled". The check is presence-based: under
             HKCU\Software\Policies\Microsoft\Office\Common\Security the mere
             existence of the value UFIControls is a finding, whatever data it holds.
             HKCU is the per-user hive, so the result describes only the account the
             check runs as.
             NOTE(review): the key is written without a 15.0 version segment, unlike
             the common\security paths of DTOO189/DTOO190 in this file. Confirm the
             path against the policy template before automating the check. -->
        <title>DTOO191-ActiveX Control Initialization for Office</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52728r4_rule" severity="medium" weight="10.0">
            <version>DTOO191</version>
            <title>ActiveX control initialization must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;ActiveX controls can adversely affect a computer directly. In addition, malicious code can be used to compromise an ActiveX control and attack a computer. To indicate the safety of an ActiveX control, developers can denote them as Safe For Initialization (SFI). SFI indicates a control is safe to open and run, and it is not capable of causing a problem for any computer, regardless of whether it has persisted data values or not.
If a control is not marked SFI, it is possible the control could adversely affect a computer—or it could mean the developers did not test the control in all situations and are not sure whether it might be compromised in the future.
By default, if a control is marked SFI, the application loads the control in safe mode and uses persisted values (if any). If the control is not marked SFI, the application loads the control in unsafe mode with persisted values (if any), or uses the default (first-time initialization) settings. In both situations, the Message Bar informs users the controls have been disabled and prompts them to respond.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-002460</ident>
            <fixtext fixref="F-45653r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "ActiveX Control Initialization" to "Disabled".</fixtext>
            <fix id="F-45653r1_fix" />
            <check system="C-47056r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "ActiveX Control Initialization" is set to "Disabled".
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\Common\Security
 
If the value “UFIControls” exists, this is a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17560">
        <!-- DTOO196 (medium): the Trust Center policy "Allow mix of policy and user
             locations" must be "Disabled". Passing condition: value
             "Allow User Locations" is REG_DWORD = 0 under
             HKCU\Software\Policies\Microsoft\Office\15.0\common\security\trusted locations.
             Content opened from a trusted location runs fully enabled with no
             warning (see the discussion), so this rule limits who can define such
             locations.
             NOTE(review): the check names only the passing condition. The discussion
             says users can add any trusted location by default, so a missing value
             is presumably a finding. Confirm before encoding the check. -->
        <title>DTOO196 - Mix of Policy and User Locations </title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52745r4_rule" severity="medium" weight="10.0">
            <version>DTOO196</version>
            <title>A mix of policy and user locations for Office Products must be disallowed.</title>
            <description>&lt;VulnDiscussion&gt;When Microsoft Office files are opened from trusted locations, all the content in the files is enabled and active. Users are not notified about any potential risks that might be contained in the files, such as unsigned macros, ActiveX controls, or links to content on the Internet.
By default, users can specify any location as a trusted location, and a computer can have a combination of user-created, OCT-created, and Group Policy–created trusted locations.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-45671r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings -&gt; Trust Center "Allow mix of policy and user locations" to "Disabled".</fixtext>
            <fix id="F-45671r1_fix" />
            <check system="C-47074r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings &gt;&gt; Trust Center "Allow mix of policy and user locations" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security\trusted locations
 
If the value “Allow User Locations” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17581">
        <!-- DTOO212 (medium): the policy "Control Blogging" must be
             "Enabled (Only SharePoint blogs allowed)". Passing condition: value
             DisableBlog is REG_DWORD = 1 under
             HKCU\Software\Policies\Microsoft\Office\Common\Blog. The risk described
             is data leaving the organisation through posts to external blog
             providers.
             NOTE(review): the key is written without a 15.0 version segment, unlike
             most other checks in this file. Confirm the path against the policy
             template.
             NOTE(review): the check names only the passing condition. The discussion
             says the default permits any provider, so a missing value is presumably
             a finding. "FOUO date" in the discussion reads as a typo for
             "FOUO data". -->
        <title>DTOO212 - Control Blogging </title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52756r4_rule" severity="medium" weight="10.0">
            <version>DTOO212</version>
            <title>Blogging entries created from inside Office products must be configured for SharePoint only.</title>
            <description>&lt;VulnDiscussion&gt;The blogging feature in Office products enables users to compose blog entries and post them to their blogs directly from Office, without using any additional software.
By default, users can post blog entries to any compatible blogging service provider, including Windows Live Spaces, Blogger, a SharePoint or Community Server site, and others. Leaving this capability enabled introduces the risk of users posting confidential and FOUO date to non-DoD sites.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-45682r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Miscellaneous "Control Blogging" to "Enabled (Only SharePoint blogs allowed)".</fixtext>
            <fix id="F-45682r1_fix" />
            <check system="C-47085r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Miscellaneous "Control Blogging" is set to "Enabled (Only SharePoint blogs allowed)".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\Common\Blog
 
If the value “DisableBlog” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17583">
        <!-- DTOO200 (medium): the policy "Allow users with earlier versions of
             Office to read with browsers" must be "Disabled". Passing condition:
             value IncludeHTML is REG_DWORD = 0 under
             HKCU\Software\Policies\Microsoft\Office\15.0\common\drm. When the
             setting is enabled, each IRM-protected file also carries an embedded
             rights-managed HTML copy; the rule removes that second copy as a route
             to the content.
             NOTE(review): the check names only the passing condition. The discussion
             says the HTML copy is not saved by default, but the check text does not
             say whether a missing value passes. Confirm before encoding it. -->
        <title>DTOO200 - Allow users to read with browsers</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52749r4_rule" severity="medium" weight="10.0">
            <version>DTOO200</version>
            <title>Office must be configured to not allow read with browsers.</title>
            <description>&lt;VulnDiscussion&gt;The Windows Rights Management Add-on for Internet Explorer provides a way for users who do not use the 2013 Office release to view, but not alter, files with restricted permissions. By default, IRM-enabled files are saved in a format that cannot be viewed by using the Windows Rights Management Add-on. If this setting is enabled, an embedded rights-managed HTML version of the content is saved with each IRM-enabled file, which can be viewed in Internet Explorer using the add-on, representing the risk of documents being read by those without the rights and not intended to have access to the document.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-002165</ident>
            <fixtext fixref="F-45675r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Manage Restricted Permissions "Allow users with earlier versions of Office to read with browsers" to "Disabled".</fixtext>
            <fix id="F-45675r1_fix" />
            <check system="C-47078r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Manage Restricted Permissions "Allow users with earlier versions of Office to read with browsers" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\drm
 
If the value “IncludeHTML” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17590">
        <!-- DTOO186 (medium): security notifications in the Message Bar must stay
             on. The policy is phrased negatively ("Disable all Trust Bar
             notifications for security issues"), so the required state "Disabled"
             means notifications remain enabled. Passing condition: value TrustBar
             is REG_DWORD = 0 under
             HKCU\Software\Policies\Microsoft\Office\15.0\common\trustcenter.
             NOTE(review): the check names only the passing condition. The discussion
             says users can change this behaviour in the Trust Center when no policy
             applies, so a missing value is presumably a finding. Confirm before
             encoding the check. -->
        <title>DTOO186 - Trust Bar Notifications</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52723r4_rule" severity="medium" weight="10.0">
            <version>DTOO186</version>
            <title>Trust Bar notifications for Security messages must be enforced.</title>
            <description>&lt;VulnDiscussion&gt;The Message Bar in Office applications is used to identify security issues, such as unsigned macros or potentially unsafe add-ins. When such issues are detected, the application disables the unsafe feature or content and displays the Message Bar at the top of the active window. The Message Bar informs the users about the nature of the security issue and, in some cases, provides the users with an option to enable the potentially unsafe feature or content, which could harm the user's computer.
By default, if an Office application detects a security issue, the Message Bar is displayed. However, this configuration can be modified by users in the Trust Center.
&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001662</ident>
            <fixtext fixref="F-45648r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "Disable all Trust Bar notifications for security issues" to "Disabled".</fixtext>
            <fix id="F-45648r1_fix" />
            <check system="C-47051r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Disable all Trust Bar notifications for security issues" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\trustcenter
 
If the value “TrustBar” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17605">
        <!-- DTOO207 (medium): the policy "Document Information Panel Beaconing UI"
             must be "Enabled (Always show UI)", so users are warned when a custom
             Document Information Panel could contact an external server. Passing
             condition: value Beaconing is REG_DWORD = 1 under
             HKCU\Software\Policies\Microsoft\Office\15.0\common\documentinformationpanel.
             Unlike most checks in this file, the passing data here is 1, not 0.
             NOTE(review): the check names only the passing condition and the
             discussion does not state the default, so whether a missing value is a
             finding cannot be read from this text. Confirm before encoding it. -->
        <title>DTOO207 - Document Info Beaconing UI </title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52754r4_rule" severity="medium" weight="10.0">
            <version>DTOO207</version>
            <title>Document Information panel Beaconing must show UI.</title>
            <description>&lt;VulnDiscussion&gt;This policy setting controls whether users see a security warning when they open custom Document Information Panels that contain a web beaconing threat. Web beacons can be used to contact an external server when users open forms. Information could be gathered by the form, or information entered by users could be sent to an external server, exposing the internal users and systems to additional attacks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-002460</ident>
            <fixtext fixref="F-45680r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Document Information Panel "Document Information Panel Beaconing UI" to "Enabled (Always show UI)".</fixtext>
            <fix id="F-45680r1_fix" />
            <check system="C-47083r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Document Information Panel "Document Information Panel Beaconing UI" is set to "Enabled (Always show UI)".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\documentinformationpanel
 
If the value “Beaconing” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17612">
        <!-- DTOO184 (medium): the policy "Enable Customer Experience Improvement
             Program" must be "Disabled", so Office does not send usage data to the
             vendor. Passing condition: value QMEnable is REG_DWORD = 0 under
             HKCU\Software\Policies\Microsoft\Office\15.0\common.
             NOTE(review): the check names only the passing condition. The discussion
             says users may opt in at first run by default, so a missing value is
             presumably a finding. Confirm before encoding the check. -->
        <title>DTOO184 - Cust. Experience Improvement Program</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52721r4_rule" severity="medium" weight="10.0">
            <version>DTOO184</version>
            <title>The Customer Experience Improvement Program for Office must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;When users choose to participate in the Customer Experience Improvement Program (CEIP), Office applications automatically send information to Microsoft about how the applications are used. This information is combined with other CEIP data to help Microsoft solve problems and to improve the products and features customers use most often. This feature does not collect users' names, addresses, or any other identifying information except the IP address that is used to send the data.
By default, users have the opportunity to opt into participation in the CEIP the first time they run an Office application. If an organization has policies that govern the use of external resources such as the CEIP, allowing users to opt in to the program might cause them to violate these policies.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-45646r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Privacy -&gt; Trust Center "Enable Customer Experience Improvement Program" to "Disabled".</fixtext>
            <fix id="F-45646r1_fix" />
            <check system="C-47049r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Privacy &gt;&gt; Trust Center "Enable Customer Experience Improvement Program" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common
 
Criteria: If the value “QMEnable” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17617">
        <!-- DTOO190 (medium): password-protected Office 97-2003 files must use the
             Microsoft Enhanced RSA and AES Cryptographic Provider with AES 256.
             Passing condition: value DefaultEncryption12 is REG_SZ equal to the
             provider string under
             HKCU\Software\Policies\Microsoft\Office\15.0\common\security.
             NOTE(review): the provider string is spelled two ways in this rule. The
             fixtext has "Provider,AES 256,256" with no space after the first comma,
             while the check-content has "Provider, AES 256,256" with a space. A
             REG_SZ comparison is sensitive to that space, so confirm which form the
             policy actually writes before using either string in an automated
             check.
             NOTE(review): the check names only the passing condition; a missing
             value or any other string is presumably a finding. Confirm. -->
        <title>DTOO190 - Encr. type for Password Protected files</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52727r5_rule" severity="medium" weight="10.0">
            <version>DTOO190</version>
            <title>The encryption type for password protected Office 97 thru Office 2003 must be set.</title>
            <description>&lt;VulnDiscussion&gt;If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Microsoft Office application files can be encrypted and password protected. Only users who know the correct password will be able to decrypt such files. Since some encryption types are less secure and easier to breach, Microsoft Enhanced RSA and AES Cryptographic Provider, AES-256, 256-bit should be used when encrypting documents.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001199</ident>
            <fixtext fixref="F-45652r2_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "Encryption type for password protected Office 97-2003 files" to "Enabled (Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256)".</fixtext>
            <fix id="F-45652r2_fix" />
            <check system="C-47055r6_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Encryption type for password protected Office 97-2003 files" is set to "Enabled (Microsoft Enhanced RSA and AES Cryptographic Provider, AES 256,256)".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security
 
If the value “DefaultEncryption12” is REG_SZ = "Microsoft Enhanced RSA and AES Cryptographic Provider, AES 256,256", this is not a finding.
 
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17619">
        <!-- DTOO189 (medium): password-protected Office Open XML files must use the
             Microsoft Enhanced RSA and AES Cryptographic Provider with AES 256.
             Passing condition: value OpenXMLEncryption is REG_SZ equal to the
             provider string under
             HKCU\Software\Policies\Microsoft\Office\15.0\common\security.
             NOTE(review): the provider string is spelled two ways in this rule. The
             fixtext has "Provider,AES 256,256" with no space after the first comma,
             while the check-content has "Provider, AES 256,256" with a space. A
             REG_SZ comparison is sensitive to that space, so confirm which form the
             policy actually writes before using either string in an automated
             check.
             NOTE(review): the check names only the passing condition; a missing
             value or any other string is presumably a finding. Confirm. -->
        <title>DTOO189 - Encryption Type for Pwd Protected files </title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52726r5_rule" severity="medium" weight="10.0">
            <version>DTOO189</version>
            <title>The encryption type for password protected Open XML files must be set.</title>
            <description>&lt;VulnDiscussion&gt;If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Microsoft Office application files can be encrypted and password protected. Only users who know the correct password will be able to decrypt such files. Since some encryption types are less secure and easier to breach, Microsoft Enhanced RSA and AES Cryptographic Provider, AES-256, 256-bit should be used when encrypting documents.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001199</ident>
            <fixtext fixref="F-45651r2_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "Encryption type for password protected Office Open XML files" to "Enabled (Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256)".</fixtext>
            <fix id="F-45651r2_fix" />
            <check system="C-47054r7_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Encryption type for password protected Office Open XML files" is set to "Enabled (Microsoft Enhanced RSA and AES Cryptographic Provider, AES 256,256)".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security
 
If the value “OpenXMLEncryption” is REG_SZ = "Microsoft Enhanced RSA and AES Cryptographic Provider, AES 256,256", this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17627">
        <!-- DTOO182 (medium): the policy "Improve Proofing Tools" must be
             "Disabled", so proofing data such as custom dictionary additions is not
             sent to the vendor. Passing condition: value PTWOptIn is
             REG_DWORD = 0 under
             HKCU\Software\Policies\Microsoft\Office\15.0\common\ptwatson.
             The fixtext writes the policy path as "Tools \ Options \ Spelling" and
             the check-content writes it with separate path steps; both appear to
             name the same template node.
             NOTE(review): the check names only the passing condition. The discussion
             says the feature is on by default for users who join the CEIP, so a
             missing value is presumably a finding. Confirm before encoding it. -->
        <title>DTOO182 - Improve Proofing Tools </title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52719r5_rule" severity="medium" weight="10.0">
            <version>DTOO182</version>
            <title>The Help Improve Proofing Tools feature for Office must be configured.</title>
            <description>&lt;VulnDiscussion&gt;The "Help Improve Proofing Tools" feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature stops sending data to Microsoft and deletes the data collection file from the user's computer. Although this feature does not intentionally collect personal information, some of the content sent could include items that were marked as spelling or grammar errors, such as proper names and account numbers. However, any numbers such as account numbers, street addresses, and phone numbers are converted to zeroes when the data is collected. Microsoft uses this information solely to improve the effectiveness of the Office Proofing Tools, not to identify users.
By default, this feature is enabled, if users choose to participate in the Customer Experience Improvement Program (CEIP). If an organization has policies that govern the use of external resources such as the CEIP, allowing the use of the "Help Improve Proofing Tools" feature might cause them to violate these policies.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-45644r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Tools \ Options \ Spelling -&gt; Proofing Data Collection "Improve Proofing Tools" to "Disabled".</fixtext>
            <fix id="F-45644r1_fix" />
            <check system="C-47047r7_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Tools &gt;&gt; Options &gt;&gt; Spelling &gt;&gt; Proofing Data Collection "Improve Proofing Tools" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following. HKCU\Software\Policies\Microsoft\Office\15.0\common\ptwatson
 
If the value “PTWOptIn” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17659">
        <title>DTOO194 - Hyperlink warnings for Office</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52731r4_rule" severity="medium" weight="10.0">
            <version>DTOO194</version>
            <title>Hyperlink warnings for Office must be configured for use.</title>
            <description>&lt;VulnDiscussion&gt;Unsafe hyperlinks are links that might pose a security risk if users click them. Clicking an unsafe link could compromise the security of sensitive information or harm the computer.
Links that Office considers unsafe include links to executable files, TIFF files, and Microsoft Document Imaging (MDI) files. Other unsafe links are those using protocols considered to be unsafe, including msn, nntp, mms, outlook, and stssync.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-002460</ident>
            <fixtext fixref="F-45656r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "Suppress hyperlink warnings" to "Disabled".</fixtext>
            <fix id="F-45656r1_fix" />
            <check system="C-47059r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Suppress hyperlink warnings" is set to "Disabled".
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security
 
Criteria: If the value “DisableHyperLinkWarning” is REG_DWORD = 0, this is not a finding.
 
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17660">
        <title>DTOO206 - Incl. Doc. properties for PDF and XPS</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52753r4_rule" severity="medium" weight="10.0">
            <version>DTOO206</version>
            <title>Inclusion of document properties for PDF and XPS output must be disallowed.</title>
            <description>&lt;VulnDiscussion&gt;If the Microsoft Save as PDF or XPS Add-in for Microsoft Office Programs is installed, document properties are saved as metadata when users save or publish files using the PDF or XPS commands in Access 2013, Excel 2013, InfoPath 2013, PowerPoint 2013, and Word 2013. If this metadata contains sensitive information, saving it with the file could compromise security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-45679r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Microsoft Save As PDF and XPS add-ins "Disable inclusion of document properties in PDF and XPS output" to "Enabled".</fixtext>
            <fix id="F-45679r1_fix" />
            <check system="C-47082r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Microsoft Save As PDF and XPS add-ins "Disable inclusion of document properties in PDF and XPS output" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\fixedformat
 
If the value “DisableFixedFormatDocProperties” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17661">
        <title>DTOO198 - Internet Fax Feature</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52747r4_rule" severity="medium" weight="10.0">
            <version>DTOO198</version>
            <title>The Internet Fax Feature must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;Excel, PowerPoint, and Word users can use the Internet Fax feature to send documents to fax recipients through an Internet fax service provider. If your organization has policies that govern the time, place, or manner in which faxes are sent, this feature could help users evade those policies.
By default, Office users can use the Internet Fax feature. &lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-45673r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Services -&gt; Fax "Disable Internet Fax feature" to "Enabled"</fixtext>
            <fix id="F-45673r1_fix" />
            <check system="C-47076r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Services &gt;&gt; Fax "Disable Internet Fax feature" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\services\fax
 
If the value “NoFax” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17664">
        <title>DTOO183 - Opt-In Wizard on first run use</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52720r5_rule" severity="medium" weight="10.0">
            <version>DTOO183</version>
            <title>The Opt-In Wizard must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;The Opt-in Wizard displays the first time users run a 2013 Microsoft Office application, which allows them to opt into Internet-based services that will help improve their Office experience, such as Microsoft Update, the Customer Experience Improvement Program, Office Diagnostics, and Online Help. If an organization has policies that govern the use of such external resources, allowing users to opt in to these services might cause them to violate the policies.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-45645r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Privacy -&gt; Trust Center "Disable Opt-in Wizard on first run" to "Enabled".</fixtext>
            <fix id="F-45645r1_fix" />
            <check system="C-47048r7_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Privacy &gt;&gt; Trust Center "Disable Opt-in Wizard on first run" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\general
 
If the value “ShownFirstRunOptin” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17665">
        <title>DTOO195 - Disable Password to Open UI</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52744r2_rule" severity="medium" weight="10.0">
            <version>DTOO195</version>
            <title>Passwords for secured documents must be enforced.</title>
            <description>&lt;VulnDiscussion&gt;If 2013 Office users add passwords to documents, other users can be prevented from opening the documents. This capability can provide an extra level of protection to documents already protected by access control lists, or provide a means of securing documents not protected by file-level security.
By default, users can add passwords to Excel 2013 workbooks, PowerPoint 2013 presentations, and Word 2013 documents from the Save or Save As dialog box by clicking Tools, clicking General Options, and entering appropriate passwords to open or modify the documents. If this configuration is changed, the General Options dialog box for saving with a password will not be available for the user to password-protect their documents.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001199</ident>
            <fixtext fixref="F-45670r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "Disable password to open UI" to "Disabled".</fixtext>
            <fix id="F-45670r1_fix" />
            <check system="C-47073r2_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Disable password to open UI" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following key:
HKCU\Software\Policies\Microsoft\Office\15.0\common\security
 
If the value “DisablePasswordUI” is REG_DWORD = 0, this is not a finding.
 
Fix Text: Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Disable password to open UI" to "Disabled".
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17669">
        <title>DTOO197 - Document Manifests</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52746r4_rule" severity="medium" weight="10.0">
            <version>DTOO197</version>
            <title>Smart Documents use of Manifests in Office must be disallowed.</title>
            <description>&lt;VulnDiscussion&gt;An XML expansion pack is the group of files that constitutes a Smart Document in Excel and Word. One or more components that provide the logic needed for a Smart Document are packaged by using an XML expansion pack. These components can include any type of file, including XML schemas, Extensible Stylesheet Language Transforms (XSLTs), dynamic-link libraries (DLLs), and image files, as well as additional XML files, HTML files, Word files, Excel files, and text files.
The key component to building an XML expansion pack is creating an XML expansion pack manifest file. By creating this file, the locations of all files that make up the XML expansion pack are specified, as well as information that instructs Office 2013 how to set up the files for the Smart Document. The XML expansion pack can also contain information about how to set up other files, such as how to install and register a COM object required by the XML expansion pack.
XML expansion packs can be used to initialize and load malicious code, which might affect the stability of a computer and lead to data loss. Office applications can load an XML expansion pack manifest file with a Smart Document.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-45672r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Smart Documents (Word, Excel) "Disable Smart Document's use of manifests" to "Enabled".</fixtext>
            <fix id="F-45672r1_fix" />
            <check system="C-47075r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Smart Documents (Word, Excel) "Disable Smart Document's use of manifests" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\Common\Smart Tag
 
If the value “NeverLoadManifests” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17670">
        <title>DTOO208 - Office client polling from Office Server</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52755r4_rule" severity="medium" weight="10.0">
            <version>DTOO208</version>
            <title>Office client polling of SharePoint servers published links must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;Users of Office applications can see and use links to Microsoft Office SharePoint Server sites from those applications. Administrators configure published links to Office applications during initial deployment, and can add or change links as part of regular operations. These links appear on the My SharePoint Sites tab of the Open, Save, and Save As dialog boxes when opening and saving documents from these applications. Links can be targeted so that they only appear to users who are members of particular audiences.
If a malicious person gains access to the list of published links, they could modify the links to point to unapproved sites, which could make sensitive data vulnerable to exposure.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000213</ident>
            <fixtext fixref="F-45681r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Server Settings "Disable the Office client from polling the SharePoint Server for published links" to "Enabled".</fixtext>
            <fix id="F-45681r1_fix" />
            <check system="C-47084r6_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Server Settings "Disable the Office client from polling the SharePoint Server for published links" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\portal
 
If the value “LinkPublishingDisabled” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17731">
        <title>DTOO201 - Connection permissions verification</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52750r4_rule" severity="medium" weight="10.0">
            <version>DTOO201</version>
            <title>Connection verification of permissions must be enforced.</title>
            <description>&lt;VulnDiscussion&gt;By default, users are not required to connect to the network to verify permissions. If users do not need their licenses confirmed when attempting to open Office documents, they might be able to access documents after their licenses have been revoked. Also, it is not possible to log the usage of files with restricted permissions if users' licenses are not confirmed.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-002235</ident>
            <fixtext fixref="F-45676r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Manage Restricted Permissions "Always require users to connect to verify permission" to "Enabled".</fixtext>
            <fix id="F-45676r1_fix" />
            <check system="C-47079r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Manage Restricted Permissions "Always require users to connect to verify permission" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\drm
 
Criteria: If the value “RequireConnection” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17740">
        <title>DTOO185 - Do not receive Automatic small updates </title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52722r4_rule" severity="medium" weight="10.0">
            <version>DTOO185</version>
            <title>Automatic receiving of small updates to improve reliability must be disallowed.</title>
            <description>&lt;VulnDiscussion&gt;Having access to updates, add-ins, and patches on the Office Online website can help users ensure computers are up to date and equipped with the latest security patches. However, to ensure updates are tested and applied in a consistent manner, many organizations prefer to roll out updates using a centralized mechanism such as Microsoft System Center or Windows Server Update Services.
By default, users are allowed to download updates, add-ins, and patches from the Office Online Web site to keep their Office applications running smoothly and securely. If an organization has policies that govern the use of external resources such as Office Online, allowing users to download updates might cause them to violate these policies.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-45647r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Privacy -&gt; Trust Center "Automatically receive small updates to improve reliability" to "Disabled".</fixtext>
            <fix id="F-45647r1_fix" />
            <check system="C-47050r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Privacy &gt;&gt; Trust Center "Automatically receive small updates to improve reliability" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common
 
If the value “UpdateReliabilityData” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17741">
        <title>DTOO193 - Automation Security</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52730r3_rule" severity="medium" weight="10.0">
            <version>DTOO193</version>
            <title>Automation Security to enforce macro level security in Office documents must be configured.</title>
            <description>&lt;VulnDiscussion&gt;When a separate program is used to launch Microsoft Office Excel, PowerPoint, or Word programmatically, any macros can run in the programmatically opened application without being blocked. This functionality could allow an attacker to use automation to run malicious code in Excel, PowerPoint, or Word.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001170</ident>
            <fixtext fixref="F-45655r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "Automation Security" to "Enabled (Use application macro security level)".</fixtext>
            <fix id="F-45655r1_fix" />
            <check system="C-47058r4_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Automation Security" is set to "Enabled (Use application macro security level)".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\Common\Security
 
If the value “AutomationSecurity” is REG_DWORD = 2 for all user profile hives, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17749">
        <title>DTOO203 - Legacy Format signatures </title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52751r4_rule" severity="medium" weight="10.0">
            <version>DTOO203</version>
            <title>Legacy format signatures must be enabled.</title>
            <description>&lt;VulnDiscussion&gt;Office applications use the XML-based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 binary documents. XMLDSIG signatures are not recognized by Office 2003 applications or previous versions. If a user of Office 2003 or an earlier version opens an Excel, PowerPoint, or Word binary document with an XMLDSIG signature attached, the signature will be lost.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-45677r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Signing "Legacy format signatures" to "Enabled".</fixtext>
            <fix id="F-45677r1_fix" />
            <check system="C-47080r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Signing "Legacy format signatures" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\signatures
 
If the value “EnableCreationOfWeakXPSignatures” is REG_DWORD = 1, this is not a finding.
 
Fix Text: Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Signing "Legacy format signatures" to "Enabled".
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17750">
        <title>DTOO192 - Load controls for forms3 </title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52729r4_rule" severity="medium" weight="10.0">
            <version>DTOO192</version>
            <title>Load controls in forms3 must be disabled from loading.</title>
            <description>&lt;VulnDiscussion&gt;ActiveX controls are Component Object Model (COM) objects and have unrestricted access to users' computers. ActiveX controls can access the local file system and change the registry settings of the operating system. If a malicious user repurposes an ActiveX control to take over a user's computer, the effect could be significant.
To help improve security, ActiveX developers can mark controls as Safe For Initialization (SFI), which means that the developer states that the controls are safe to open and run and not capable of causing harm to any computers. If a control is not marked SFI, the control could adversely affect a computer--or it could mean the developers did not test the control in all situations and are not sure whether their control might be compromised at some future date.
SFI controls run in safe mode, which limits their access to the computer. For example, a worksheet control can both read and write files when it is in unsafe mode, but perhaps only read from files when it is in safe mode. This functionality allows the control to be used in very powerful ways when safety is not important, but the control would still be safe for use in a Web page.
If a control is not marked as SFI, it is marked Unsafe For Initialization (UFI), which means that it is capable of affecting a user's computer. If UFI ActiveX controls are loaded, they are always loaded in unsafe mode.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001662</ident>
            <fixtext fixref="F-45654r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "Load Controls in Forms3" to "Disabled".</fixtext>
            <fix id="F-45654r1_fix" />
            <!-- NOTE(review): the registry path in the check text below,
                 HKCU\keycupoliciesmsvbasecurity, does not follow the
                 HKCU\Software\Policies\Microsoft\Office\15.0\... pattern used by the
                 neighbouring rules and reads like an unexpanded policy-template key
                 token (the name suggests a VBA security policy key; TODO confirm).
                 Verify the real key against the Office 2013 administrative template
                 before automating this check. Because the criterion is "value exists =
                 finding", a scanner that looks for LoadControlsInForms under the wrong
                 path would find nothing and report the rule as passing regardless of
                 the actual ActiveX setting. -->
            <check system="C-47057r4_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Load Controls in Forms3" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\keycupoliciesmsvbasecurity
 
If the value “LoadControlsInForms” exists, this is a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17759">
        <title>DTOO179 - Open as Read/Write when browsing</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52714r6_rule" severity="medium" weight="10.0">
            <version>DTOO179</version>
            <title>Documents must be configured to not open as Read Write when browsing.</title>
            <description>&lt;VulnDiscussion&gt;By default, when an Office 2013 document on a web server is opened using Internet Explorer, the appropriate application opens the file in read-only mode. However, if the default configuration is changed, the document is opened as read/write. Users could potentially make changes to documents and resave them in situations where the web server security is not configured to prevent such changes.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001170</ident>
            <fixtext fixref="F-45638r3_fix">Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Tools | Options | General | Web Options... &gt;&gt; Files "Open Office documents as read/write while browsing" to "Disabled".</fixtext>
            <fix id="F-45638r3_fix" />
            <check system="C-47042r10_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Tools | Options | General | Web Options... &gt;&gt; Files "Open Office documents as read/write while browsing" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\internet
 
If the value “OpenDocumentsReadWriteWhileBrowsing” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17765">
        <title>DTOO199 - Permissions on managed content</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52748r3_rule" severity="medium" weight="10.0">
            <version>DTOO199</version>
            <title>Changing permissions on rights managed content for users must be enforced.</title>
            <description>&lt;VulnDiscussion&gt;This setting controls whether Office 2013 users can change permissions for content that is protected with Information Rights Management (IRM). The Information Rights Management feature of Office 2013 allows individuals and administrators to specify access permissions to Word documents, Excel workbooks, PowerPoint presentations, InfoPath templates and forms, and Outlook email messages. This functionality helps prevent sensitive information from being printed, forwarded, or copied by unauthorized people.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-002165</ident>
            <fixtext fixref="F-45674r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Manage Restricted Permissions "Prevent users from changing permissions on rights managed content" to "Disabled".</fixtext>
            <fix id="F-45674r1_fix" />
            <check system="C-47077r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Manage Restricted Permissions "Prevent users from changing permissions on rights managed content" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\drm
 
Criteria: If the value “DisableCreation” is REG_DWORD = 0 for every user's profile hive, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17768">
        <title>DTOO188 - Protect document metadata </title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52725r4_rule" severity="medium" weight="10.0">
            <version>DTOO188</version>
            <title>Document metadata for password protected files must be protected.</title>
            <description>&lt;VulnDiscussion&gt;When an Office Open XML document is protected with a password and saved, any metadata associated with the document is encrypted along with the rest of the document's contents. If this configuration is changed, potentially sensitive information such as the document author and hyperlink references could be exposed to unauthorized people. &lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001199</ident>
            <fixtext fixref="F-45650r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "Protect document metadata for password protected files" to "Enabled".</fixtext>
            <fix id="F-45650r1_fix" />
            <check system="C-47053r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Protect document metadata for password protected files" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security
 
If the value “OpenXMLEncryptProperty” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17769">
        <title>DTOO187 - Protect metadata / rights managed docs</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52724r4_rule" severity="medium" weight="10.0">
            <version>DTOO187</version>
            <title>Rights managed Office Open XML files must be protected.</title>
            <description>&lt;VulnDiscussion&gt;When Information Rights Management (IRM) is used to restrict access to an Office Open XML document, any metadata associated with the document is not encrypted. This configuration could allow potentially sensitive information such as the document author and hyperlink references to be exposed to unauthorized individuals.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-002476</ident>
            <fixtext fixref="F-45649r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "Protect document metadata for rights managed Office Open XML Files" to "Enabled".</fixtext>
            <fix id="F-45649r1_fix" />
            <check system="C-47052r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Protect document metadata for rights managed Office Open XML Files" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security
 
If the value “DRMEncryptProperty” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17773">
        <title>DTOO180 - Vector Markup Lang (VML) / IE graphics </title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52715r4_rule" severity="medium" weight="10.0">
            <version>DTOO180</version>
            <title>Relying on Vector Markup Language (VML) for displaying graphics in browsers must be disallowed.</title>
            <description>&lt;VulnDiscussion&gt;When saving documents as web pages, Excel, PowerPoint, and Word can save vector-based graphics in Vector Markup Language (VML), which enables Internet Explorer to display them smoothly at any resolution. By default, when saving VML graphics, Office applications also save copies of the graphics in a standard raster file format (GIF or PNG) for use by browsers that cannot display VML. If the "Rely on VML for displaying graphics in browsers" check box in the web Options dialog box is selected, applications will not save raster copies of VML graphics, which means those graphics will not display in non-Microsoft browsers.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001170</ident>
            <fixtext fixref="F-45640r2_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Tools \ Options \ General \ Web Options -&gt; Browsers "Rely on VML for displaying graphics in browsers" to "Disabled".</fixtext>
            <fix id="F-45640r2_fix" />
            <check system="C-47043r8_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Tools &gt;&gt; Options &gt;&gt; General &gt;&gt; Web Options &gt;&gt; Browsers "Rely on VML for displaying graphics in browsers" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\internet.
 
If the value “RelyOnVML” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-17805">
        <title>DTOO204 - External Signature Services menu</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52752r4_rule" severity="medium" weight="10.0">
            <version>DTOO204</version>
            <title>External Signature Services Menu for Office must be suppressed.</title>
            <description>&lt;VulnDiscussion&gt;Users can select Add Signature Services (from the Signature Line drop-down menu on the Insert tab of the Ribbon in Excel 2013, PowerPoint 2013, and Word 2013) to see a list of signature service providers on the Microsoft Office website. If an organization has policies that govern the use of external resources such as signature providers or Office Marketplace, allowing users to access the Add Signature Services menu item might enable them to violate those policies.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-45678r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Signing "Suppress external signature services menu item" to "Enabled".</fixtext>
            <fix id="F-45678r1_fix" />
            <check system="C-47081r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Signing "Suppress external signature services menu item" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\signatures
 
Criteria: If the value “SuppressExtSigningSvcs” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-26630">
        <title>DTOO345 - Online content options</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52758r5_rule" severity="medium" weight="10.0">
            <version>DTOO345</version>
            <title>Online content options must be configured for offline content availability.
            </title>
            <description>&lt;VulnDiscussion&gt;The Office 2013 Help system automatically searches MicrosoftOffice.com for content when a computer is connected to the Internet. Users can change this default by clearing the Search Microsoft Office.com for Help content when I'm connected to the Internet check box in the Privacy Options section of the Trust Center. If an organization has policies that govern the use of external resources such as Office.com, allowing the Help system to download content might cause users to violate these policies.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-45684r2_fix">Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Tools &gt;&gt; Options &gt;&gt; General &gt;&gt; Service Options... &gt;&gt; Online Content "Online content options" to "Enabled: Do not allow Office to connect to the internet".</fixtext>
            <fix id="F-45684r2_fix" />
            <check system="C-47087r6_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Note: This check is Not Applicable when the use of Office 365 is against the specific DoD instance of O365.
 
The use of Offline Content for Non-DoD instances of O365 is prohibited and it must not allow for personal account synchronization.
 
All non-DoD instances are subject to this requirement.
 
Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Tools &gt;&gt; Options &gt;&gt; General &gt;&gt; Service Options... &gt;&gt; Online Content "Online content options" is set to "Enabled: Do not allow Office to connect to the internet".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\internet
 
If the value “UseOnlineContent” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-26704">
        <title>DTOO321 - Encrypt document properties</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-52757r4_rule" severity="medium" weight="10.0">
            <version>DTOO321</version>
            <title>Encrypt document properties must be configured for OLE documents.
            </title>
            <description>&lt;VulnDiscussion&gt;This policy setting allows a document's properties to be encrypted. This applies to OLE documents (Office 97-2003 compatible) if the application is configured for CAPI RC4. Disabling this setting will prevent the encryption of document properties, which may expose sensitive data.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-002476</ident>
            <fixtext fixref="F-45683r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Security Settings "Encrypt document properties" to "Enabled".</fixtext>
            <fix id="F-45683r1_fix" />
            <check system="C-47086r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings "Encrypt document properties" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security
 
Criteria: If the value “EncryptDocProps” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40858">
        <title>DTOO401 - Office Automatic Updates</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53190r1_rule" severity="medium" weight="10.0">
            <version>DTOO401</version>
            <title> Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site.</title>
            <description>&lt;VulnDiscussion&gt;This policy setting controls whether the Office automatic updates are enabled or disabled for all Office products installed via Click-to-Run. This policy has no effect on Office products installed via Windows Installer. If this policy setting is enabled, Office periodically checks for updates. When updates are detected, Office downloads and applies them in the background. If this policy setting is disabled, Office will not check for updates. Without receiving automatic updates, fixes for vulnerabilities found within the Office products will not be applied, leaving the vulnerabilities exposed.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-002605</ident>
            <fixtext fixref="F-46116r1_fix">Set the policy value for Computer Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 (Machine)-&gt;Updates-&gt;"Enable Automatic Updates" to "Enabled".
 
Set the policy value for Computer Configuration -&gt; Administrative Templates -&gt; Windows Components -&gt; Windows Updates -&gt; "Specify intranet Microsoft update service location" to "Enabled" and set both "Set the intranet update service for detecting updates:" and "Set the intranet statistics server:" to point to an Intranet system.</fixtext>
            <fix id="F-46116r1_fix" />
            <check system="C-47496r1_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for Computer Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 (Machine)-&gt;Updates-&gt;"Enable Automatic Updates" is set to "Enabled".
Verify the policy value for Computer Configuration -&gt; Administrative Templates -&gt; Windows Components -&gt; Windows Updates -&gt; "Specify intranet Microsoft update service location" is set to "Enabled" and the "Set the intranet update service for detecting updates:" and the "Set the intranet statistics server:" both point to an Intranet system.
 
Procedure: Use the Windows Registry Editor to navigate to the following key:
 
HKLM\software\policies\Microsoft\office\15.0\common\officeupdate
Criteria: If the value EnableAutomaticUpdates is REG_DWORD = 1, this is not a finding.
If the registry key is missing, this is an Open finding. This setting is, by default, enabled and must be explicitly configured to be disabled.
HKLM\software\policies\Microsoft\Windows\WindowsUpdate
Criteria: If the value of WUServer and WUStatusServer are populated with an Intranet system, this is not a finding.</check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40859">
        <title>DTOO402 - The Enable Updates and Disable Updates UI options</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53191r1_rule" severity="medium" weight="10.0">
            <version>DTOO402</version>
            <title>The Enable Updates and Disable Updates options in the UI must be hidden from users.</title>
            <description>&lt;VulnDiscussion&gt;This policy setting allows the user interface (UI) options to enable or disable Office automatic updates to be hidden from users. These options are found in the Product Information area of all Office applications installed via Click-to-Run. This policy setting has no effect on Office applications installed via Windows Installer. If this policy setting is enabled, the "Enable Updates" and "Disable Updates" options in the UI are hidden from users. If this policy setting is not configured, the "Enable Updates" and "Disable Updates" options are visible, and users can enable or disable Office automatic updates from the UI.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-46117r1_fix">Set the policy value for Computer Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 (Machine)-&gt;Updates-&gt;"Hide option to enable or disable updates" to "Enabled".</fixtext>
            <fix id="F-46117r1_fix" />
            <check system="C-47497r1_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for Computer Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 (Machine)-&gt;Updates-&gt;"Hide option to enable or disable updates" is set to "Enabled".
 
Procedure: Use the Windows Registry Editor to navigate to the following key:
 
HKLM\software\policies\Microsoft\office\15.0\common\officeupdate
 
Criteria: If the value HideEnableDisableUpdates is REG_DWORD = 1, this is not a finding.</check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40860">
        <!-- DTOO403 audit summary: user-scope policy. The check below reads
             HKCU\Software\Policies\Microsoft\Office\15.0\firstrun, value disablemovie, and is
             "not a finding" only when the data is REG_DWORD 1.
             HKCU is the hive of whichever account runs the check, so evidence collected under an
             administrator profile does not cover other users; verify per user or via the applied GPO.
             The check text names no outcome for a missing value. NOTE(review): presumably a finding; confirm.
             Tooling note: the value name is wrapped in typographic quotes in check-content. -->
        <title>DTOO403 - Office365 sign-in video</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53192r4_rule" severity="medium" weight="10.0">
            <version>DTOO403</version>
            <title>The video informing a user about signing into Office365 must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;Office 365 is a subscription-based service which offers access to various Microsoft Office applications. Access to Office 365 will not be permitted; only locally installed and configured Office 2013 installations will be used. Since the ability to sign into Office 365 will be disabled, this policy, which determines whether a video about signing into Office365 is played when Office first runs, will also be disabled.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-46118r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; First Run -&gt; "Disable First Run Movie" to "Enabled".</fixtext>
            <fix id="F-46118r1_fix" />
            <check system="C-47498r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; First Run &gt;&gt; "Disable First Run Movie" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\firstrun
 
Criteria: If the value “disablemovie” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40861">
        <!-- DTOO404 audit summary: user-scope policy "Disable Office First Run on application boot".
             Compliant state per the check below: HKCU\Software\Policies\Microsoft\Office\15.0\firstrun,
             value bootedrtm, REG_DWORD 1. This is the same registry key DTOO403 inspects, with a
             different value name, so the two rules need separate value lookups.
             The VulnDiscussion ties this rule to Office 365 sign-in being blocked; the sign-in
             restriction itself is DTOO405, not this setting. -->
        <title>DTOO404 - Office365 first-run prompt</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53193r4_rule" severity="medium" weight="10.0">
            <version>DTOO404</version>
            <title>The first-run prompt to sign into Office365 must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;Office 365 functionality allows users to provide credentials for accessing Office 365 using either their Microsoft Account, or the user ID assigned by the organization. Access to Office 365 will not be permitted; only locally installed and configured Office 2013 installations will be used. Since the ability to sign into Office 365 will be disabled, this policy, which determines whether the Office First Run comes up on first application boot if not previously viewed, will also be disabled.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-46119r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; First Run -&gt; "Disable Office First Run on application boot" to "Enabled".</fixtext>
            <fix id="F-46119r1_fix" />
            <check system="C-47499r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; First Run &gt;&gt; "Disable Office First Run on application boot" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\firstrun
 
Criteria: If the value “bootedrtm” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40862">
        <!-- DTOO405 audit summary: user-scope policy "Block signing into Office".
             Compliant state per the check below: HKCU\Software\Policies\Microsoft\Office\15.0\common\signin,
             value signinoptions, REG_DWORD 2, which the fixtext labels "Enabled: org ID only".
             NOTE(review): the rule title and VulnDiscussion say sign-in to Office 365 must be disabled,
             but by its label the required option still permits sign-in with an organisation-assigned ID
             and blocks only Microsoft Accounts. Do not treat a pass on this rule as proof that all cloud
             sign-in is blocked. The Microsoft template is understood to offer a stricter "None allowed"
             option as well (presumably value 3; confirm against the Office 2013 ADMX before relying on it).
             An assessor following this benchmark scores only the value 2 stated in the check. -->
        <title>DTOO405 - Block Office365 sign-in ability</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53194r4_rule" severity="medium" weight="10.0">
            <version>DTOO405</version>
            <title> The ability to sign into Office365 must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;Office 2013 can be configured to prompt users for credentials to Office365 using either their Microsoft Account or the user ID assigned by an organization for accessing Office 365. Access to Office 365 will not be permitted and only locally installed and configured Office installations will be used.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-46120r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Miscellaneous -&gt; "Block signing into Office" to "Enabled: org ID only".</fixtext>
            <fix id="F-46120r1_fix" />
            <check system="C-47500r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Miscellaneous &gt;&gt; "Block signing into Office" is set to "Enabled: org ID only".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\signin
 
If the value “signinoptions” is REG_DWORD = 2, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40863">
        <!-- DTOO406 audit summary: user-scope policy "Do not automatically hyperlink screenshots".
             Compliant state per the check below: HKCU\Software\Policies\Microsoft\Office\15.0\gfx,
             value disablescreenshotautohyperlink, REG_DWORD 1.
             Scope of the control, as the VulnDiscussion states it: it removes the hyperlink that
             Insert Screenshot binds to the inserted image, so a user cannot open that link directly
             from the document. It is a reduction of one embedding path, not a general URL filter. -->
        <title>DTOO406 - Disable automatic screenshot hyperlinking</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53195r4_rule" severity="medium" weight="10.0">
            <version>DTOO406</version>
            <title>The ability to automatically hyperlink screenshots within Word, PowerPoint, Excel and Outlook must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;The ability to automatically bind hyperlink to a screenshot inserted through the Insert Screenshot tool introduces the possibility of a malicious URL or website being imbedded in the Word, PowerPoint, Excel or Outlook document. Disabling the hyperlink in those screenshots will ensure users do not have the ability to directly open the hyperlinks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-46121r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Miscellaneous -&gt; "Do not automatically hyperlink screenshots" to "Enabled".</fixtext>
            <fix id="F-46121r1_fix" />
            <check system="C-47501r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Miscellaneous &gt;&gt; "Do not automatically hyperlink screenshots" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\gfx
 
If the value “disablescreenshotautohyperlink” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40864">
        <title>DTOO407 - Disable prompt to save to OneDrive (formerly SkyDrive)</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53196r6_rule" severity="medium" weight="10.0">
            <version>DTOO407</version>
            <title>The prompt to save to OneDrive (formerly SkyDrive) must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;OneDrive (formerly SkyDrive) is a cloud based storage feature that introduces the capability for users to save documents to locations outside of protected enclaves. This feature introduces the risk that FOUO and PII data, as well as other DoD protected data, may be inadvertently stored in a nonsecure location. This setting, which will prompt the user to sign in to OneDrive while performing a file save operation, must be disabled.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-46122r4_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Miscellaneous -&gt; "Show OneDrive Sign In" to "Disabled".</fixtext>
            <fix id="F-46122r4_fix" />
            <check system="C-47502r11_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Miscellaneous &gt;&gt; "Show OneDrive Sign In" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\general
 
If the value “SkyDriveSignInOption” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40875">
        <!-- DTOO408 audit summary: user-scope policy "Remove Office Presentation Service from the list
             of online presentation services in PowerPoint and Word".
             Compliant state per the check below: HKCU\Software\Policies\Microsoft\Office\15.0\common\broadcast,
             value disabledefaultservice, REG_DWORD 1.
             Wording caveat: the VulnDiscussion says "By disabling this policy", while the fixtext and
             check require the policy to be set to "Enabled". The fixtext and check are the operative
             text; setting the policy to "Disabled" would not satisfy this rule.
             The stated risk is data exposure: presentations carrying protected data viewable through
             a free, public service. -->
        <title>DTOO408 - Office Presentation Service must be removed</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53207r4_rule" severity="medium" weight="10.0">
            <version>DTOO408</version>
            <title>Office Presentation Service must be removed as an option for presenting PowerPoint and Word online.</title>
            <description>&lt;VulnDiscussion&gt;The Office Presentation Service is a free, public service that allows others to follow along in a web browser. Allowing this feature could result in presentations with DoD FOUO, PII and other protected data to be viewed in a nonsecure location. By disabling this policy, the user will not have the ability to deliver a presentation online.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-46133r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Present Online -&gt; "Remove Office Presentation Service from the list of online presentation services in PowerPoint and Word" to "Enabled".</fixtext>
            <fix id="F-46133r1_fix" />
            <check system="C-47513r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Present Online &gt;&gt; "Remove Office Presentation Service from the list of online presentation services in PowerPoint and Word" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\broadcast
 
If the value “disabledefaultservice” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40879">
        <!-- DTOO409 audit summary: user-scope policy "Restrict programmatic access for creating online
             presentations in PowerPoint and Word".
             Compliant state per the check below: HKCU\Software\Policies\Microsoft\Office\15.0\common\broadcast,
             value disableprogrammaticaccess, REG_DWORD 1.
             This rule shares the broadcast key with DTOO408 but is independent of it: DTOO408 removes
             the default public service from the list, this one restricts creation of online
             presentations through code. Assess and remediate the two values separately.
             This is the only rule in this part of the benchmark mapped to CCI-001170. -->
        <title>DTOO409 - Disable programmatic creation of online presentation</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53211r4_rule" severity="medium" weight="10.0">
            <version>DTOO409</version>
            <title>The ability to create an online presentation programmatically must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;Allowing online presentations to be created programmatically allows for the capability of malicious content to become imbedded in those programmatically created presentations.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001170</ident>
            <fixtext fixref="F-46137r1_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Present Online -&gt; "Restrict programmatic access for creating online presentations in PowerPoint and Word" to "Enabled".</fixtext>
            <fix id="F-46137r1_fix" />
            <check system="C-47517r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Present Online &gt;&gt; "Restrict programmatic access for creating online presentations in PowerPoint and Word" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\broadcast
 
If the value “disableprogrammaticaccess” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40880">
        <!-- DTOO410 audit summary: user-scope policy "Allow including screenshot with Office Feedback".
             Compliant state per the check below: HKCU\Software\Policies\Microsoft\Office\15.0\common\feedback,
             value includescreenshot, REG_DWORD 0. Note the compliant data is 0 (policy "Disabled"),
             unlike most neighbouring rules where 1 is compliant.
             Per the VulnDiscussion this is a second layer behind DTOO411: the feedback tool itself
             must be disabled, and this setting limits exposure if that control is misconfigured.
             A pass here does not replace DTOO411. -->
        <title>DTOO410 - Office Feedback tool</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53212r4_rule" severity="medium" weight="10.0">
            <version>DTOO410</version>
            <title>When using the Office Feedback tool, the ability to include a screenshot must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;The "Office Feedback" tool, also called "Send-a-Smile", allows a user to click on an icon and send feedback to Microsoft. The "Office Feedback" Tool must be configured to be disabled. In the event that the Office Feedback Tool has not been configured correctly as disabled, this policy configures whether the uploading of screenshots via the tool is allowed and should also be disabled. Uploading screenshots to a commercial vendor from a DoD computer may unintentionally reveal configuration and/or FOUO content.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-46138r3_fix">Set the policy value for User Configuration -&gt; Administrative Templates -&gt; Microsoft Office 2013 -&gt; Privacy -&gt; Trust Center -&gt; "Allow including screenshot with Office Feedback" to "Disabled".</fixtext>
            <fix id="F-46138r3_fix" />
            <check system="C-47518r7_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Privacy &gt;&gt; Trust Center &gt;&gt;"Allow including screenshot with Office Feedback" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\feedback
 
If the value “includescreenshot” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40881">
        <!-- DTOO411 audit summary: user-scope policy "Send Office Feedback".
             Compliant state per the check below: HKCU\Software\Policies\Microsoft\Office\15.0\common\feedback,
             value enabled, REG_DWORD 0.
             The value name "enabled" is generic; match it by the full key path above so a scan does
             not pick up an unrelated value of the same name under another key.
             The check text names no outcome for a missing value. NOTE(review): presumably a finding,
             since an unset policy leaves the feature at its product default; confirm. -->
        <title>DTOO411 - Disable Office Feedback</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53213r5_rule" severity="medium" weight="10.0">
            <version>DTOO411</version>
            <title>The Office Feedback tool must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;The "Office Feedback" tool, also called "Send-a-Smile", allows a user to click on an icon and send feedback to Microsoft. Applications used by DoD users should not be able to provide feedback to commercial vendors regarding their positive and negative experiences when using Office due to the potential of unintentionally revealing FOUO or other protected content.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-46139r2_fix">Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Privacy &gt;&gt; Trust Center &gt;&gt; "Send Office Feedback" to "Disabled".</fixtext>
            <fix id="F-46139r2_fix" />
            <check system="C-47519r6_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Privacy &gt;&gt; Trust Center &gt;&gt; "Send Office Feedback" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\feedback
 
If the value “enabled” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40882">
        <!-- DTOO412 audit summary: user-scope policy "Allow Unsecure Apps and Catalogs".
             Compliant state per the check below: HKCU\Software\Policies\Microsoft\Office\15.0\wef\trustedcatalogs,
             value requireserververification, REG_DWORD 1.
             Inversion to watch for: the policy must be "Disabled", yet the compliant registry data
             is 1, because the value name expresses the opposite sense (require verification).
             Tooling that maps "Disabled" to 0 would report a compliant host as a finding, or write
             the insecure value during remediation. Take the expected data from the check text.
             The check says "hive" where it names a registry key; the path given is a key under HKCU. -->
        <title>DTOO412 - Disable run unsecure Office apps</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53214r5_rule" severity="medium" weight="10.0">
            <version>DTOO412</version>
            <title>The ability to run unsecure Office apps must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;Unsecure apps for Office, which are apps that have web page or catalog locations that are not SSL-secured (https://), and/or are not in users' Internet zones may allow data to be transmitted/accessed via clear text to outside sources. By configuring this policy to be disabled, users will be prevented from transmitting/accessing data in a nonsecure manner.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-46141r2_fix">Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings &gt;&gt; Trust Center &gt;&gt; Trusted Catalogs "Allow Unsecure Apps and Catalogs" to "Disabled".</fixtext>
            <fix id="F-46141r2_fix" />
            <check system="C-47521r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings &gt;&gt; Trust Center &gt;&gt; Trusted Catalogs "Allow Unsecure Apps and Catalogs" is set to "Disabled".
 
Procedure: Use the Windows Registry Editor to navigate to the following hive:
 
HKCU\Software\Policies\Microsoft\Office\15.0\wef\trustedcatalogs
 
If the value “requireserververification” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <Group id="V-40883">
        <!-- DTOO413 audit summary: user-scope policy "Block the Office Store".
             Compliant state per the check below: HKCU\Software\Policies\Microsoft\Office\15.0\wef\trustedcatalogs,
             value disableomexcatalogs, REG_DWORD 1.
             Naming caveat: the Group title reads "Block Apps for Office", but the fixtext and check
             configure "Block the Office Store". The VulnDiscussion refers to "Block Apps for Office"
             as a separate policy setting, so the two names should not be treated as the same control.
             This rule covers Office Store apps only; it shares its registry key with DTOO412, which
             governs unsecured apps and catalogs, and each value must be checked on its own. -->
        <title>DTOO413 - Block Apps for Office</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53215r5_rule" severity="medium" weight="10.0">
            <version>DTOO413</version>
            <title>Users must be prevented from using or inserting apps that come from the Office Store.</title>
            <description>&lt;VulnDiscussion&gt;This policy setting allows users to be prevented from using or inserting apps that come from the Office Store. If this policy setting is enabled, apps from the Office Store are blocked. If this policy setting is disabled or not configured, apps from the Office Store are allowed, unless the "Block Apps for Office" policy setting is enabled.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-001749</ident>
            <fixtext fixref="F-46142r2_fix">Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings &gt;&gt; Trust Center &gt;&gt; Trusted Catalogs "Block the Office Store" to "Enabled".</fixtext>
            <fix id="F-46142r2_fix" />
            <check system="C-47522r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Security Settings &gt;&gt; Trust Center &gt;&gt; Trusted Catalogs "Block the Office Store" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\wef\trustedcatalogs
 
If the value “disableomexcatalogs” is REG_DWORD = 1, this is not a finding.
 
                </check-content>
            </check>
        </Rule>
    </Group>
    <!--
      DTOO414 (V-40884): Office roaming settings must stay local and must not be
      synchronized to the Microsoft Office roaming settings web service.
      Required state: "Disable Roaming Office User Settings" = Enabled, which the check
      maps to roamingsettingsdisabled = REG_DWORD 1 under
      HKCU\Software\Policies\Microsoft\Office\15.0\common\roaming.
      Per the VulnDiscussion, the roamed data includes the list of most recently used
      documents as well as user preferences.
      NOTE(review): the VulnDiscussion states that existing data in the cloud is not
      affected by this policy, so a passing check says nothing about data that was
      synchronized before the setting was applied; that has to be handled separately.
      NOTE(review): the check states only the passing value. A disabled or not
      configured policy leaves synchronization on, so a missing value or any value
      other than 1 should presumably be assessed as a finding.
      NOTE(review): the key is under HKCU (User Configuration), so a result describes
      only the profile that was inspected; evaluate it for each user of the system.
    -->
    <Group id="V-40884">
        <title>DTOO414 - Roaming settings must be stored locally and not synchronized</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53216r5_rule" severity="medium" weight="10.0">
            <version>DTOO414</version>
            <title>Roaming settings must be stored locally and not synchronized to the Microsoft Office roaming settings web service.</title>
            <description>&lt;VulnDiscussion&gt;Microsoft Office includes the ability to roam settings for specific Office features amongst devices by storing this data in the cloud. This data includes user activity such as the list of most recently used documents as well as user preferences such as the Office theme. This policy setting controls whether this data is allowed to be stored in the cloud. If this policy setting is enabled, roaming settings are only stored locally and not synchronized to the Microsoft Office roaming settings web service. If this policy setting is disabled or not configured, roaming settings are synchronized with the Microsoft Office roaming settings web service and users can access their data from other devices. Existing data in the cloud is not affected by this policy.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-46143r2_fix">Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Services &gt;&gt; "Disable Roaming Office User Settings" to "Enabled". </fixtext>
            <fix id="F-46143r2_fix" />
            <!-- Manual check: compares one HKCU registry value with the state set by the fixtext above. -->
            <check system="C-47523r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Services &gt;&gt; "Disable Roaming Office User Settings" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\roaming
 
If the value “roamingsettingsdisabled” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <!--
      DTOO415 (V-40885): the Office Telemetry Agent must not upload telemetry data to
      a shared folder.
      Required state: "Turn on data uploading for Office Telemetry Agent" = Disabled,
      which the check maps to enableupload = REG_DWORD 0 under
      HKCU\Software\Policies\Microsoft\Office\15.0\osm.
      Note the polarity: the passing value here is 0, whereas the neighbouring
      DTOO413, DTOO414, DTOO416 and DTOO417 checks pass on 1.
      The concern given in the VulnDiscussion is that uploaded records could pass
      information about the internal network and configuration to a remote location.
      NOTE(review): the VulnDiscussion does not say how the agent behaves when the
      policy is not configured, so whether a missing value is compliant cannot be
      determined from this text. As written, only an explicit REG_DWORD 0 is stated to
      be "not a finding"; confirm how an absent value is to be assessed.
      NOTE(review): the key is under HKCU (User Configuration), so a result describes
      only the profile that was inspected; evaluate it for each user of the system.
    -->
    <Group id="V-40885">
        <title>DTOO415 - Data upload for Office Telemetry Agent</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53217r5_rule" severity="medium" weight="10.0">
            <version>DTOO415</version>
            <title>The ability of the Office Telemetry Agent to periodically upload telemetry data to a shared folder must be disabled.</title>
            <description>&lt;VulnDiscussion&gt;Office Telemetry is a new compatibility monitoring framework. When an Office document or solution is loaded, used, closed, or raises an error in certain Office 2013 applications, the Office Telemetry application adds a record about the event to a local data store. Each record includes a description of the problem and a link to more information. Inventory and usage data is also tracked. The actual logging capability will be enabled, but this policy allows that data to be uploaded to a remote location which, if enabled, could pass information about the internal network and configuration to that remote site.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-46144r2_fix">Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Telemetry Dashboard &gt;&gt; "Turn on data uploading for Office Telemetry Agent" to "Disabled". </fixtext>
            <fix id="F-46144r2_fix" />
            <!-- Manual check: compares one HKCU registry value with the state set by the fixtext above. -->
            <check system="C-47524r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Telemetry Dashboard &gt;&gt; "Turn on data uploading for Office Telemetry Agent" is set to "Disabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\osm
 
If the value “enableupload” is REG_DWORD = 0, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <!--
      DTOO416 (V-40886): the Office Telemetry Agent must obfuscate the file name, file
      path and title of Office documents before uploading telemetry data.
      Required state: "Turn on privacy setting in Office Telemetry Agent" = Enabled,
      which the check maps to enablefileobfuscation = REG_DWORD 1 under
      HKCU\Software\Policies\Microsoft\Office\15.0\osm.
      DTOO415 in this benchmark requires uploading to be disabled, so this rule acts
      as a second control: if uploading is ever turned on, document names, paths and
      titles are not sent in the clear. Assess both rules independently; passing
      DTOO415 does not make this one not applicable.
      NOTE(review): the check states only the passing value. The VulnDiscussion says a
      disabled or not configured policy uploads the full file name, path and title, so
      a missing value or any value other than 1 should presumably be assessed as a
      finding.
      NOTE(review): the key is under HKCU (User Configuration), so a result describes
      only the profile that was inspected; evaluate it for each user of the system.
    -->
    <Group id="V-40886">
        <title>DTOO416 - Telemetry Agent privacy setting</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53218r5_rule" severity="medium" weight="10.0">
            <version>DTOO416</version>
            <title>The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.</title>
            <description>&lt;VulnDiscussion&gt;This policy setting configures the Office Telemetry Agent to disguise, or obfuscate, certain file properties that are reported in telemetry data. If this policy setting is enabled, Office Telemetry Agent obfuscates the file name, file path, and title of Office documents before uploading telemetry data to the shared folder. If this policy setting is disabled or not configured, the Office Telemetry Agent uploads telemetry data that shows the full file name, file path, and title of all Office documents.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000366</ident>
            <fixtext fixref="F-46145r2_fix">Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Telemetry Dashboard &gt;&gt; "Turn on privacy setting in Office Telemetry Agent" to "Enabled".</fixtext>
            <fix id="F-46145r2_fix" />
            <!-- Manual check: compares one HKCU registry value with the state set by the fixtext above. -->
            <check system="C-47525r6_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Telemetry Dashboard &gt;&gt; "Turn on privacy setting in Office Telemetry Agent" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\osm
 
If the value “enablefileobfuscation” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
    <!--
      DTOO417 (V-40887): the Office Telemetry Agent and Office applications must
      collect telemetry data.
      Required state: "Turn on telemetry data collection" = Enabled, which the check
      maps to enablelogging = REG_DWORD 1 under
      HKCU\Software\Policies\Microsoft\Office\15.0\osm.
      Unlike DTOO414 and DTOO415, this rule turns a feature on. Per the VulnDiscussion
      the collected data includes application usage and the most recently used
      documents, including file names, and is written to a local data store. DTOO415
      (upload disabled) and DTOO416 (obfuscation) are the rules in this benchmark that
      limit where that data can go, so read the three together.
      NOTE(review): the check states only the passing value. The VulnDiscussion says a
      disabled or not configured policy collects nothing, so a missing value or any
      value other than 1 should presumably be assessed as a finding.
      NOTE(review): this rule carries the same CCI-000381 ident as DTOO414 and DTOO415,
      which disable functionality; confirm the mapping is intended for a rule that
      enables collection.
      NOTE(review): the key is under HKCU (User Configuration), so a result describes
      only the profile that was inspected; evaluate it for each user of the system.
    -->
    <Group id="V-40887">
        <title>DTOO417 - Enable Telemetry data collection</title>
        <description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description>
        <Rule id="SV-53219r5_rule" severity="medium" weight="10.0">
            <version>DTOO417</version>
            <title>The Office Telemetry Agent and Office applications must be configured to collect telemetry data.</title>
            <description>&lt;VulnDiscussion&gt;Office Telemetry is a new compatibility monitoring framework. When an Office document or solution is loaded, used, closed, or raises an error in certain Office 2013 applications, the Office Telemetry application adds a record about the event to a local data store. Each record includes a description of the problem and a link to more information. Inventory and usage data is also tracked. This policy setting allows the data collection features in Office that are used by the Office Telemetry Dashboard and Office Telemetry Log to be turned on. If this policy setting is enabled, Office Telemetry Agent and Office applications will collect telemetry data, which includes Office application usage, most recently used Office documents (including file names) and solutions usage, compatibility issues, and critical errors that occur on the local computers. Office Telemetry Dashboard can be used to view this data remotely, and users can use Office Telemetry Log to view this data on their local computers. If this policy setting is disabled or not configured, the Office Telemetry Agent and Office applications do not generate or collect telemetry data.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;System Administrator&lt;/Responsibility&gt;&lt;Responsibility&gt;Information Assurance Officer&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description>
            <reference>
                <dc:title>DPMS Target Microsoft Office System 2013</dc:title>
                <dc:publisher>DISA</dc:publisher>
                <dc:type>DPMS Target</dc:type>
                <dc:subject>Microsoft Office System 2013</dc:subject>
                <dc:identifier>2480</dc:identifier>
            </reference>
            <ident system="http://iase.disa.mil/cci">CCI-000381</ident>
            <fixtext fixref="F-46146r2_fix">Set the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Telemetry Dashboard &gt;&gt; "Turn on telemetry data collection" to "Enabled".</fixtext>
            <fix id="F-46146r2_fix" />
            <!-- Manual check: compares one HKCU registry value with the state set by the fixtext above. -->
            <check system="C-47526r5_chk">
                <check-content-ref name="M" href="DPMS_XCCDF_Benchmark_Microsoft Office System 2013.xml" />
                <check-content>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Office 2013 &gt;&gt; Telemetry Dashboard &gt;&gt; "Turn on telemetry data collection" is set to "Enabled".
 
Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\osm
 
If the value “enablelogging” is REG_DWORD = 1, this is not a finding.
                </check-content>
            </check>
        </Rule>
    </Group>
</Benchmark>