Microsoft Access 2010

Settings in this guidance assume a complete installation of Microsoft Office 2010 on the Windows 7 Platform. Registry paths and values identified in each control assume the use of Group Policy Administrative Templates. Installations not using Group Policies to administer Microsoft Office products may observe alternate registry paths for stored configuration values. Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]


Version / Release: V1R10

Published: 2018-04-03

Updated At: 2018-09-23 19:14:06

Compare/View Releases

Select any two versions of this STIG to compare the individual requirements

Select any old version/release of this STIG to view the previous requirements




Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-33401r1_rule DTOO104 - Access CCI-001170 MEDIUM Disabling of user name and password syntax from being used in URLs must be enforced. The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:[email protected] A malicious user might use this URL syntax to create a hyperlink that appears to open a legitimate Web s
    SV-33387r1_rule DTOO111 - Access CCI-001695 MEDIUM Enabling IE Bind to Object functionality must be present. Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the security settings for the zone in which the control is located
    SV-33420r1_rule DTOO117 - Access CCI-001170 MEDIUM Saved from URL mark to assure Internet zone processing must be enforced. Typically, when Internet Explorer loads a Web page from a Universal Naming Convention (UNC) share that contains a Mark of the Web (MOTW) comment, indicating the page was saved from a site on the Internet, Internet Explorer runs the page in the Internet se
    SV-33410r1_rule DTOO123 - Access CCI-001170 MEDIUM Navigation to URL's embedded in Office products must be blocked. To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by Office applications (for example, if a user clicks a link in an
    SV-33399r1_rule DTOO129 - Access CCI-001662 MEDIUM Links that invoke instances of IE from within an Office product must be blocked. The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of Internet Explorer spawned by Office applications (for example,
    SV-33422r1_rule DTOO131 - Access CCI-001749 MEDIUM Trust Bar Notifications for unsigned application add-ins must be blocked. If an application is configured to require all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust Bar contains a m
    SV-33424r1_rule DTOO304 - Access CCI-000381 MEDIUM Warning Bar settings for VBA macros must be configured. When users open files containing VBA Macros, applications open the files with the macros disabled and displays the Trust Bar with a warning that macros are present and have been disabled. Users may then enable these macros by clicking Options on the Trust
    SV-33430r1_rule DTOO136 - Access CCI-000381 MEDIUM The Default file format must be set. When users create new database files, Access saves them in the new Access format. Users can change this functionality by clicking the Office button, clicking Access Options, and then selecting a file format from the Default file format list. If a new data
    SV-33673r1_rule DTOO137 - Access CCI-000366 MEDIUM Prompts to convert older databases must be enforced. When users open databases that were created in the Access 97 file format, Access 2010 prompts them to convert the database to a newer file format. Users can choose to convert the database or leave it in the older format. Disabling this setting enforces
    SV-33433r1_rule DTOO135 - Access CCI-000381 MEDIUM Database functionality configurations must be displayed to the user. When users open an untrusted Access 2010 database that contains user-programmed executable components, Access opens the database with the components disabled and displays the Message Bar with a warning that database content has been disabled. Users can in
    SV-33428r1_rule DTOO130 - Access CCI-002460 MEDIUM Configuration for enabling of hyperlinks must be enforced. Access underlines hyperlinks that appear in tables, queries, forms, and reports. If this configuration is changed, users might click on dangerous hyperlinks without realizing it, which could pose a security riskSystem AdministratorInformation Assurance Of
    SV-33781r1_rule DTOO126 - Access CCI-001662 MEDIUM Add-on Management functionality must be allowed. Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring this setting could allow malicious code or users to become
    SV-33788r1_rule DTOO209 - Access CCI-001695 MEDIUM Protection from zone elevation must be enforced. Internet Explorer places restrictions on each web page users can use the browser to open. Web pages on a user's local computer have the fewest security restrictions and reside in the Local Machine zone, making this security zone a prime target for malicio
    SV-33792r1_rule DTOO211 - Access CCI-002460 MEDIUM ActiveX Installs must be configured for proper restriction. Microsoft ActiveX controls allow unmanaged, unprotected code to run on the user computers. ActiveX controls do not run within a protected container in the browser like the other types of HTML or Microsoft Silverlight-based controls. Disabling or not confi
    SV-33799r1_rule DTOO132 - Access CCI-001169 MEDIUM File Downloads must be configured for proper restrictions. Disabling this setting allows websites to present file download prompts via code without the user specifically initiating the download. User preferences may also allow the download to occur without prompting or interacting with the user. Even if Interne
    SV-33807r1_rule DTOO124 - Access CCI-001695 MEDIUM Scripted Window Security must be enforced. Malicious websites often try to confuse or trick users into giving a site permission to perform an action allowing the site to take control of the users' computers in some manner. Disabling or not configuring this setting allows unknown websites to: -Crea
    SV-33848r1_rule DTOO127 - Access CCI-001749 MEDIUM Application add-ins must be signed by Trusted Publisher. Office 2010 applications do not check the digital signature on application add-ins before opening them. Disabling or not configuring this setting may allow an application to load a dangerous add-in. As a result, malicious code could become active on use
    SV-33854r1_rule DTOO128 - Access CCI-001170 MEDIUM Data Execution Prevention must be enforced. Data Execution Prevention (DEP) is a set of hardware and software technologies performing additional checks on memory to help prevent malicious code from running on a system. The primary benefit of DEP is to help prevent code execution from data pages. En