Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Disable user name and password" must be "Enabled" and a check in the "mspub.exe" check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE Criteria: If the value mspub.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Disable user name and password" to "Enabled" and place a check in the "mspub.exe" check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Bind to Object" must be "Enabled" and a check in the "mspub.exe" check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT Criteria: If the value mspub.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Bind to Object" to "Enabled" and place a check in the "mspub.exe" check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Saved from URL" must be "Enabled" and a check in the "mspub.exe" check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK Criteria: If the value mspub.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Saved from URL" to "Enabled" and place a check in the "mspub.exe" check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Navigate URL" must be "Enabled" and a check in the "mspub.exe" check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL Criteria: If the value mspub.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Navigate URL" to "Enabled" and place a check in the "mspub.exe" check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Scripted Window Security Restrictions" must be set to "Enabled" and "mspub.exe" is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value mspub.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Scripted Window Security Restrictions" to "Enabled" and "mspub.exe" is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Ofice 2010 (Machine) -> Security Settings -> IE Security "Add-on Management" must be set to "Enabled" and "mspub.exe" is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT Criteria: If the value mspub.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Add-on Management" to "Enabled" and "mspub.exe" is checked.
The policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security -> Trust Center "Require that application add-ins are signed by Trusted Publisher" must be set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\publisher\security Criteria: If the value RequireAddinSig is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security -> Trust Center "Require that application add-ins are signed by Trusted Publisher" to "Enabled".
The policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security -> Trust Center "Turn off Data Execution Prevention" must be set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\publisher\security Criteria: If the value EnableDEP is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security -> Trust Center "Turn off Data Execution Prevention" to "Disabled".
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Block popups" must be "Enabled" and "mspub.exe" is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT Criteria: If the value mspub.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Block popups" to "Enabled" and select "mspub.exe".
The policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security -> Trust Center "Disable Trust Bar Notification for unsigned application add-ins" must be "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\publisher\security Criteria: If the value NoTBPromptUnsignedAddin is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security -> Trust Center "Disable Trust Bar Notification for unsigned application add-ins" to "Enabled".
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Restrict File Download" must be set to "Enabled" and "mspub.exe" is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value mspub.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Restrict File Download" to "Enabled" and "mspub.exe" is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Protection From Zone Elevation" must be set to "Enabled" and "mspub.exe" is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value mspub.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Protection From Zone Elevation" to "Enabled" and "mspub.exe" is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Restrict ActiveX Install" must be set to "Enabled" and "mspub.exe" is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value mspub.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security "Restrict ActiveX Install" to "Enabled" and "mspub.exe" is checked.
The policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010-> Security -> Trust Center "VBA Macro Notification Settings" must be "Enabled (Disabled all with notifications)". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\publisher\security Criteria: If the value VBAWarnings is REG_DWORD = 2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010-> Security -> Trust Center "VBA Macro Notification Settings" to "Enabled (Disabled all with notifications)".
The policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security "Prompt to allow fatally corrupt files to open instead of blocking them" must be set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\publisher Criteria: If the value PromptForBadFiles is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security "Prompt to allow fatally corrupt files to open instead of blocking them" to "Disabled".
The policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security "Publisher Automation Security Level" must be set to "Enabled and High (Disabled)" is selected. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\Common\Security Criteria: If the value AutomationSecurityPublisher is REG_DWORD = 3, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security "Publisher Automation Security Level" to "Enabled and High (Disabled)" is selected.
Microsoft Publisher 2010 is no longer supported by the vendor. If the system is running Microsoft Publisher 2010, this is a finding.
Upgrade to a supported version.