1.4.7.2.6 Ensure 'Require That Application Add-ins are Signed By Trusted Publisher' is set to Enabled

Information

This policy setting controls whether add-ins for the specified Office applications must be digitally signed by a trusted publisher. The recommended state for this setting is: Enabled. By default, Office applications do not check the digital signature on application add-ins before opening them. Disabling or not configuring this setting may allow an application to load a dangerous add-in. As a result, malicious code could become active on user computers or the network.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled. User Configuration\Administrative Templates\Microsoft Excel 2013\Excel Options\Security\Trust Center\Require That Application Add-ins are Signed By Trusted Publisher Impact: Enabling this setting could cause disruptions for users who rely on add-ins that are not signed by trusted publishers. These users will either have to obtain signed versions of such add-ins or stop using them.

See Also

https://workbench.cisecurity.org/files/568

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(15)

Plugin: Windows

Control ID: 4eca026a013a3c63fa6167fac66291cee66e646c7e2d2440d3466c9bceada82a