1.1.3.2.1.2 Ensure 'Disable all trusted locations' is set to Enabled

Information

This policy setting allows administrators to disable all trusted locations in the specified applications. Trusted locations specified in the Trust Center are used to define file locations that are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permission. If a dangerous file is opened from a trusted location, it will not be subject to standard security measures and could harm users' computers or data. The recommended state for this setting is: Enabled. Trusted locations specified in the Trust Center are used to define file locations that are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permission. If a dangerous file is opened from a trusted location, it will not be subject to standard security measures and could harm users' computers or data. By default, files located in trusted locations (those specified in the Trust Center) are assumed to be safe.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled. User Configuration\Administrative Templates\Microsoft Access 2013\Application Settings\Security\Trust Center\Trusted Locations\Disable all trusted locations Impact: If there are business-critical reasons to access some files in a more trusted environment, disabling trusted locations could cause usability problems.

See Also

https://workbench.cisecurity.org/files/566

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: 97789d62883a18998a1ec36da30f462e8579010029122b7b2dacc101d733d3bf