2.3.31.1 Ensure 'Legacy format signatures' is set to 'Disabled'

Information

This policy setting controls whether users can apply binary format digital signatures to Office 97-2003 documents.

The recommended state for this setting is: Disabled.

Rationale:

By default, Office applications use the XML-based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 binary documents. XMLDSIG signatures are not recognized by Office 2003 applications or previous versions. If an Office 2003 user opens an Excel, PowerPoint, or Word binary document with an XMLDSIG signature attached, the signature will be lost.

Impact:

Enabling this setting is not likely to cause significant usability issues for most Office users.

Solution

To establish the recommended configuration via Group Policy (GP), set the following UI path to Disabled:

User Configuration\Administrative Templates\Microsoft Office 2016\Signing\Legacy format signatures

Default Value:

Disabled. (Office applications use the XML-based XMLDSIG format to attach digital signatures to documents.)

See Also

https://workbench.cisecurity.org/benchmarks/12129

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(6)

Plugin: Windows

Control ID: 5f78ef7526b383d8db9c21f155cff7cacee84dfbc66654eddb09038df33caed2