Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Server Settings "Disable the Office client from polling the SharePoint Server for published links" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\portal If the value 'LinkPublishingDisabled' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Server Settings "Disable the Office client from polling the SharePoint Server for published links" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Tools >> Options >> Spelling >> Proofing Data Collection "Improve Proofing Tools" is set to "Disabled". Use the Windows Registry Editor to navigate to the following. HKCU\Software\Policies\Microsoft\Office\15.0\common\ptwatson If the value 'PTWOptIn' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Tools \ Options \ Spelling -> Proofing Data Collection "Improve Proofing Tools" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings >> Trust Center "Allow mix of policy and user locations" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security\trusted locations If the value 'Allow User Locations' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings -> Trust Center "Allow mix of policy and user locations" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Smart Documents (Word, Excel) "Disable Smart Document's use of manifests" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\Common\Smart Tag If the value 'NeverLoadManifests' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Smart Documents (Word, Excel) "Disable Smart Document's use of manifests" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Signing "Legacy format signatures" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\signatures If the value 'EnableCreationOfWeakXPSignatures' is REG_DWORD = 1, this is not a finding. Fix Text: Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Signing "Legacy format signatures" to "Enabled".
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Signing "Legacy format signatures" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Signing "Suppress external signature services menu item" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\signatures Criteria: If the value 'SuppressExtSigningSvcs' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Signing "Suppress external signature services menu item" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Microsoft Save As PDF and XPS add-ins "Disable inclusion of document properties in PDF and XPS output" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\fixedformat If the value 'DisableFixedFormatDocProperties' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Microsoft Save As PDF and XPS add-ins "Disable inclusion of document properties in PDF and XPS output" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Miscellaneous "Control Blogging" is set to "Enabled (Only SharePoint blogs allowed)". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\Common\Blog If the value 'DisableBlog' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Miscellaneous "Control Blogging" to "Enabled (Only SharePoint blogs allowed)".
Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine)->Updates->"Hide option to enable or disable updates" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\software\policies\Microsoft\office\15.0\common\officeupdate Criteria: If the value HideEnableDisableUpdates is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine)->Updates->"Hide option to enable or disable updates" is set to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center >>"Allow including screenshot with Office Feedback" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\feedback If the value 'includescreenshot' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Privacy -> Trust Center -> "Allow including screenshot with Office Feedback" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings >> Trust Center >> Trusted Catalogs "Allow Unsecure Apps and Catalogs" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following hive: HKCU\Software\Policies\Microsoft\Office\15.0\wef\trustedcatalogs If the value 'requireserververification' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings >> Trust Center >> Trusted Catalogs "Allow Unsecure Apps and Catalogs" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Telemetry Dashboard >> "Turn on privacy setting in Office Telemetry Agent" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\osm If the value 'enablefileobfuscation' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Telemetry Dashboard >> "Turn on privacy setting in Office Telemetry Agent" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center "Disable Opt-in Wizard on first run" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\general If the value 'ShownFirstRunOptin' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Privacy -> Trust Center "Disable Opt-in Wizard on first run" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center "Enable Customer Experience Improvement Program" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common Criteria: If the value 'QMEnable' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Privacy -> Trust Center "Enable Customer Experience Improvement Program" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center "Automatically receive small updates to improve reliability" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common If the value 'UpdateReliabilityData' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Privacy -> Trust Center "Automatically receive small updates to improve reliability" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Services >> Fax "Disable Internet Fax feature" to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\services\fax If the value 'NoFax' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Services -> Fax "Disable Internet Fax feature" to "Enabled".
Note: This check is Not Applicable when the use of Office 365 is against the specific DoD instance of O365. The use of Offline Content for Non-DoD instances of O365 is prohibited and it must not allow for personal account synchronization. All non-DoD instances are subject to this requirement. Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Tools >> Options >> General >> Service Options... >> Online Content "Online content options" is set to "Enabled: Do not allow Office to connect to the internet". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\internet If the value 'UseOnlineContent' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Tools >> Options >> General >> Service Options... >> Online Content "Online content options" to "Enabled: Do not allow Office to connect to the internet".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> First Run >> "Disable First Run Movie" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\firstrun Criteria: If the value 'disablemovie' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> First Run -> "Disable First Run Movie" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> First Run >> "Disable Office First Run on application boot" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\firstrun Criteria: If the value 'bootedrtm' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> First Run -> "Disable Office First Run on application boot" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Miscellaneous >> "Block signing into Office" is set to "Enabled: org ID only". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\signin If the value 'signinoptions' is REG_DWORD = 2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Miscellaneous -> "Block signing into Office" to "Enabled: org ID only".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Miscellaneous >> "Do not automatically hyperlink screenshots" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\gfx If the value 'disablescreenshotautohyperlink' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Miscellaneous -> "Do not automatically hyperlink screenshots" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Miscellaneous .> "Show OneDrive Sign In" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\general If the value 'SkyDriveSignInOption' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Miscellaneous -> "Show OneDrive Sign In" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Present Online >> "Remove Office Presentation Service from the list of online presentation services in PowerPoint and Word" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\broadcast If the value 'disabledefaultservice' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Present Online -> "Remove Office Presentation Service from the list of online presentation services in PowerPoint and Word" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center >> "Send Office Feedback" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\feedback If the value 'enabled' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Privacy >> Trust Center >> "Send Office Feedback" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Services >> "Disable Roaming Office User Settings" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\roaming If the value 'roamingsettingsdisabled' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Services >> "Disable Roaming Office User Settings" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Telemetry Dashboard >> "Turn on data uploading for Office Telemetry Agent" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\osm If the value 'enableupload' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Telemetry Dashboard >> "Turn on data uploading for Office Telemetry Agent" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Telemetry Dashboard >> "Turn on telemetry data collection" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\osm If the value 'enablelogging' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Telemetry Dashboard >> "Turn on telemetry data collection" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Tools | Options | General | Web Options... >> Files "Open Office documents as read/write while browsing" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\internet If the value 'OpenDocumentsReadWriteWhileBrowsing' for REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Tools | Options | General | Web Options... >> Files "Open Office documents as read/write while browsing" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Tools >> Options >> General >> Web Options >> Browsers "Rely on VML for displaying graphics in browsers" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\internet. If the value 'RelyOnVML' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Tools \ Options \ General \ Web Options -> Browsers "Rely on VML for displaying graphics in browsers" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Automation Security" is set to "Enabled (Use application macro security level)". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\Common\Security If the value "AutomationSecurity" is REG_DWORD =2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Automation Security" to "Enabled (Use application macro security level)".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Present Online >> "Restrict programmatic access for creating online presentations in PowerPoint and Word" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\broadcast If the value 'disableprogrammaticaccess' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Present Online -> "Restrict programmatic access for creating online presentations in PowerPoint and Word" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Protect document metadata for password protected files" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security If the value 'OpenXMLEncryptProperty' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Protect document metadata for password protected files" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Encryption type for password protected Office Open XML files" is set to "Enabled (Microsoft Enhanced RSA and AES Cryptographic Provider, AES 256,256)". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security If the value 'OpenXMLEncryption' is REG_SZ = "Microsoft Enhanced RSA and AES Cryptographic Provider, AES 256,256", this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Encryption type for password protected Office Open XML files" to "Enabled (Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256)".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Encryption type for password protected Office 97-2003 files" is set to "Enabled (Microsoft Enhanced RSA and AES Cryptographic Provider, AES 256,256)". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security If the value 'DefaultEncryption12' is REG_SZ = "Microsoft Enhanced RSA and AES Cryptographic Provider, AES 256,256", this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Encryption type for password protected Office 97-2003 files" to "Enabled (Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256)".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Disable password to open UI" is set to "Disabled". Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\common\security If the value 'DisablePasswordUI' is REG_DWORD = 0, this is not a finding. Fix Text: Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Disable password to open UI" to "Disabled".
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Disable password to open UI" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Disable all Trust Bar notifications for security issues" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\trustcenter If the value 'TrustBar' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Disable all Trust Bar notifications for security issues" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Load Controls in Forms3" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\keycupoliciesmsvbasecurity If the value 'LoadControlsInForms' exists, this is a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Load Controls in Forms3" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings >> Trust Center >> Trusted Catalogs "Block the Office Store" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\wef\trustedcatalogs If the value 'disableomexcatalogs' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings >> Trust Center >> Trusted Catalogs "Block the Office Store" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Manage Restricted Permissions "Prevent users from changing permissions on rights managed content" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\drm Criteria: If the value 'DisableCreation' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Manage Restricted Permissions "Prevent users from changing permissions on rights managed content" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Manage Restricted Permissions "Allow users with earlier versions of Office to read with browsers" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\drm If the value 'IncludeHTML' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Manage Restricted Permissions "Allow users with earlier versions of Office to read with browsers" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Manage Restricted Permissions "Always require users to connect to verify permission" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\drm Criteria: If the value 'RequireConnection' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Manage Restricted Permissions "Always require users to connect to verify permission" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "ActiveX Control Initialization" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\Common\Security If the value 'UFIControls' exists, this is a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "ActiveX Control Initialization" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Suppress hyperlink warnings" is set to "Disabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security Criteria: If the value 'DisableHyperLinkWarning' is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Suppress hyperlink warnings" to "Disabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Document Information Panel "Document Information Panel Beaconing UI" is set to "Enabled (Always show UI)". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\documentinformationpanel If the value 'Beaconing' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Document Information Panel "Document Information Panel Beaconing UI" to "Enabled (Always show UI)".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Protect document metadata for rights managed Office Open XML Files" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security If the value 'DRMEncryptProperty' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Protect document metadata for rights managed Office Open XML Files" to "Enabled".
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Encrypt document properties" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\security Criteria: If the value 'EncryptDocProps' is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Encrypt document properties" to "Enabled".
Microsoft Office 2013 is no longer supported by the vendor. If the system is running Microsoft Office 2013, this is a finding.
Upgrade to a supported version.