Microsoft Access 2007 Security Technical Implementation Guide

The Microsoft Access 2007 STIG is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]


Version / Release: V4R15

Published: 2017-10-02

Updated At: 2018-10-12 01:23:26

Compare/View Releases

Select any two versions of this STIG to compare the individual requirements

Select any old version/release of this STIG to view the previous requirements




Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-19429r2_rule DTOO104 - Access MEDIUM Disable user name and password syntax from being used in URLs The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:[email protected] A malicious user might use this URL syntax to create a hyperlink that appears to open a legitimate websi
    SV-18190r2_rule DTOO111 - Access MEDIUM Bind to Object - Access Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the security settings for the zone in which the control is located
    SV-18205r2_rule DTOO117 - Access MEDIUM Saved from URL - Access Typically, when Internet Explorer loads a web page from a UNC share that contains a Mark of the Web (MOTW) comment that indicates the page was saved from a site on the Internet, Internet Explorer runs the page in the Internet security zone instead of the
    SV-18603r2_rule DTOO123 - Access MEDIUM Block navigation to URL embedded in Office products to protect against attack by malformed URL. To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for example, if a user clicks a link
    SV-18215r2_rule DTOO129 - Access MEDIUM No pop-ups - Access The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for exa
    SV-18219r1_rule DTOO131 - Access MEDIUM Disable Trust Bar Notification for unsigned application add-ins - Access By default, if an application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust
    SV-18637r1_rule DTOO304 - Access MEDIUM Enable Warning Bar settings for VBA macros contained in Access Files. By default, when users open files in the specified applications that contain VBA macros, the applications open the files with the macros disabled and display the Trust Bar with a warning that macros are present and have been disabled. Users can inspect an
    SV-18706r2_rule DTOO136 - Access MEDIUM Set the default saved file format for Access. By default, when users create new database files, Access 2007 saves them in the new Access 2007 format. Users can change this functionality by clicking the Office button, clicking Access Options, and then selecting a file format from the Default file form
    SV-18733r1_rule DTOO137 - Access MEDIUM Do not Prompt to convert when opening older databases - Access. By default, when users open databases that were created in the Access 97 file format, Access 2007 prompts them to convert the database to a newer file format. Users can choose to convert the database or leave it in the older format. If this configuration
    SV-18952r1_rule DTOO135 - Access MEDIUM Enable Modal Trust Decision Only - Access By default, when users open an untrusted Access 2007 database that contains user-programmed executable components, Access opens the database with the components disabled and displays the Message Bar with a warning that database content has been disabled.
    SV-19046r1_rule DTOO130 - Access MEDIUM Enable the feature to underline hyperlinks in Access. By default, Access 2007 underlines hyperlinks that appear in tables, queries, forms, and reports. If this configuration is changed, users might click on dangerous hyperlinks without realizing it, which could pose a security riskSystem AdministratorInforma
    SV-32370r3_rule DTOO287 HIGH An unsupported Microsoft Office version must not be installed. Failure to install the most current Office version leaves a system vulnerable to exploitation. Current service packs correct known security and system vulnerabilities. If Microsoft Office installation is not at the most current version and service pack