2.25.8 Ensure 'Encryption Type for Password Protected Office Open XML Files' is set to Enabled

Information

This policy setting allows you to specify an encryption type for Office Open XML files. The recommended state for this setting is: Enabled . If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Office application files can be encrypted and password protected. Only users who know the correct password will be able to decrypt such files. On computers that run Windows Vista, the default cryptographic service provider (CSP) is Microsoft Enhanced RSA and AES Cryptographic Provider, AES-128, 128-bit. On computers that run Windows XP, the default CSP is Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype), AES-128, 128-bit.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled. User Configuration\Administrative Templates\Microsoft Office 2016\Security Settings\Encryption Type for Password Protected Office Open XML Files Impact: Consider the needs of your organization and users when selecting an encryption method to enforce. If you work for a government agency, contract for a government agency, or otherwise work with very sensitive information, you might need to select a method that complies with policies that govern how such information is processed. Remember, you will need to ensure that the selected cryptographic service provider is installed on the computers of all users who need to work with password-protected Office Open XML files.

See Also

https://workbench.cisecurity.org/files/571

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: 095b73bb457e8fc0846d40dee77c0a8c29f042426e6a67ca17bb4f283097b1b4