Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Disable user name and password” must be “Enabled” and a check in the ‘msaccess.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE Criteria: If the value msaccess.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Disable user name and password” to “Enabled” and place a check in the ‘msaccess.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Bind to Object” must be “Enabled” and a check in the ‘msaccess.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT Criteria: If the value msaccess.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Bind to Object” to “Enabled” and place a check in the ‘msaccess.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Saved from URL” must be “Enabled” and a check in the ‘msaccess.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK Criteria: If the value msaccess.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Saved from URL” to “Enabled” and place a check in the ‘msaccess.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Navigate URL” must be “Enabled” and a check in the ‘msaccess.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL Criteria: If the value msaccess.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Navigate URL” to “Enabled” and place a check in the ‘msaccess.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Block popups” must be “Enabled” and ‘msaccess.exe’ is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT Criteria: If the value msaccess.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Block popups” to “Enabled” and select ‘msaccess.exe’.
The policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Application Settings -> Security -> Trust Center “Disable Trust Bar Notification for unsigned application add-ins and block them” must be “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\access\security Criteria: If the value NoTBPromptUnsignedAddin is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Application Settings -> Security -> Trust Center “Disable Trust Bar Notification for unsigned application add-ins and block them” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010-> Application Settings -> Security -> Trust Center “VBA Macro Notification Settings” must be “Enabled (Disabled all with notifications)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\access\security Criteria: If the value VBAWarnings is REG_DWORD = 2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Application Settings -> Security -> Trust Center “VBA Macro Warning Settings” to “Enabled (Disabled all with notifications)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Miscellaneous “Default File Format” must be set to “Enabled (Access 2007)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\access\settings Criteria: If the value Default File Format is REG_DWORD = 0x0000000c (hex) or 12 (Decimal), this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Miscellaneous “Default File Format” to “Enabled (Access 2007)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Miscellaneous “Do not prompt to convert older databases” must be “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\access\settings Criteria: If the value NoConvertDialog is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Miscellaneous “Do not prompt to convert older databases” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Tools \ Security “Modal Trust Decision Only” must be “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\access\security Criteria: If the value ModalTrustDecisionOnly is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Tools \ Security “Modal Trust Decision Only” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010-> Application Settings -> Web Options... -> General “Underline Hyperlinks” must be “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\access\internet Criteria: If the value DoNotUnderlineHyperlinks is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Application Settings -> Web Options... -> General “Underline Hyperlinks” to “Enabled”.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Add-on Management” must be set to “Enabled” and ‘msaccess.exe’ is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT Criteria: If the value msaccess.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Add-on Management” to “Enabled” and ‘msaccess.exe’ is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Protection From Zone Elevation” must be set to “Enabled” and 'msaccess.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value msaccess.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Protection From Zone Elevation” to “Enabled” and 'msaccess.exe' is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict ActiveX Install” must be set to “Enabled” and 'msaccess.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value msaccess.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict ActiveX Install” to “Enabled” and 'msaccess.exe' is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict File Download” must be set to “Enabled” and 'msaccess.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value msaccess.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict File Download” to “Enabled” and 'msaccess.exe' is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Scripted Window Security Restrictions” must be set to “Enabled” and 'msaccess.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value msaccess.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Scripted Window Security Restrictions” to “Enabled” and 'msaccess.exe' is checked.
The policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Application Settings -> Security -> Trust Center “Require that application add-ins are signed by Trusted Publisher” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\access\security Criteria: If the value RequireAddinSig is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Application Settings -> Security -> Trust Center “Require that application add-ins are signed by Trusted Publisher” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Application Settings -> Security -> Trust Center “Turn off Data Execution Prevention” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\access\security Criteria: If the value EnableDEP is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2010 -> Application Settings -> Security -> Trust Center “Turn off Data Execution Prevention” to “Disabled”.