DTOO200 - Office must be configured to not allow read with browsers.

Information

The Windows Rights Management Add-on for Internet Explorer provides a way for users who do not use the 2013 Office release to view, but not alter, files with restricted permissions. By default, IRM-enabled files are saved in a format that cannot be viewed by using the Windows Rights Management Add-on. If this setting is enabled, an embedded rights-managed HTML version of the content is saved with each IRM-enabled file, which can be viewed in Internet Explorer using the add-on, representing the risk of documents being read by those without the rights and not intended to have access to the document.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Manage Restricted Permissions 'Allow users with earlier versions of Office to read with browsers' to 'Disabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_OfficeSystem_2013_V2R2_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(4), CAT|II, CCI|CCI-002165, Rule-ID|SV-228555r961317_rule, STIG-ID|DTOO200, STIG-Legacy|SV-52749, STIG-Legacy|V-17583, Vuln-ID|V-228555

Plugin: Windows

Control ID: 5c5645fdc281a7898008af5fa398071e0fb4861b72fd62a5ccb9be693e58cc28