Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Disable user name and password” must be “Enabled” and a check in the ‘winword.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE Criteria: If the value winword.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Disable user name and password” to “Enabled” and place a check in the ‘winword.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Bind to Object” must be “Enabled” and a check in the ‘winword.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT Criteria: If the value winword.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Bind to Object” to “Enabled” and place a check in the ‘winword.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Saved from URL” must be “Enabled” and a check in the ‘winword.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK Criteria: If the value winword.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Saved from URL” to “Enabled” and place a check in the ‘winword.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Navigate URL” must be “Enabled” and a check in the ‘winword.exe’ check box must be present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL Criteria: If the value winword.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Navigate URL” to “Enabled” and place a check in the ‘winword.exe’ check box.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Block popups” must be “Enabled” and ‘winword.exe’ is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT Criteria: If the value winword.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Block popups” to “Enabled” and select 'winword.exe’.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Disable Trust Bar Notification for unsigned application add-ins and block them” must be “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security Criteria: If the value NoTBPromptUnsignedAddin is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Disable Trust Bar Notification for unsigned application add-ins and block them” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Office 2010 Converters “Block opening of pre-release versions of file formats new to Word 2010 through the Compatibility Pack for Office 2010 and Word 2010 Open XML/Word 97-2003 Format Converter” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\fileblock Criteria: If the value Word12BetaFilesFromConverters is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Office 2010 Converters “Block opening of pre-release versions of file formats new to Word 2010 through the Compatibility Pack for Office 2010 and Word 2010 Open XML/Word 97-2003 Format Converter” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Trusted Locations “Disable all trusted locations” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\trusted locations Criteria: If the value AllLocationsDisabled is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Trusted Locations “Disable all trusted locations” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Scan encrypted macros in Word Open XML documents” must be “Enabled (Scan encrypted macros (default))”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security Criteria: If the value WordBypassEncryptedMacroScan is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Scan encrypted macros in Word Open XML documents” to “Enabled (Scan encrypted macros (default))”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Trusted Locations “Allow Trusted Locations on the network” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\trusted locations Criteria: If the value AllowNetworkLocations is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Trusted Locations “Allow Trusted Locations on the network” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Save "default file format" must be set to "Enabled Word Document (.docx)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\options Criteria: If the value DefaultFormat is REG_SZ = (blank), this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Save "default file format" to "Enabled Word Document (.docx)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Trust access to Visual Basic Project” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security Criteria: If the value AccessVBOM is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Trust access to Visual Basic Project” to “Disabled”.
NOTE: If VBA support is not installed, this check is Not Applicable. The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “VBA Macro Notification Settings” must be “Enabled (Disable all with notification)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security Criteria: If the value VBAWarnings is REG_DWORD = 2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “VBA Macro Notification Settings” to “Enabled (Disable all with notification)”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Advanced “Update automatic links at Open” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\options Criteria: If the value DontUpdateLinks is REG_DWORD = 1 this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Advanced “Update automatic links at Open” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security “Warn before printing, saving or sending a file that contains tracked changes or comments” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\options\vpref Criteria: If the value fWarnRevisions_1125_1 is REG_DWORD = 1 this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security “Warn before printing, saving or sending a file that contains tracked changes or comments” to “Enabled”.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Add-on Management ” must be set to “Enabled” and ‘winword.exe’ is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT Criteria: If the value winword.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Add-on Management ” to “Enabled” and ‘winword.exe’ is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Protection From Zone Elevation” must be set to “Enabled” and 'winword.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value winword.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Protection From Zone Elevation” to “Enabled” and 'winword.exe' is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict ActiveX Install” must be set to “Enabled” and 'winword.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value winword.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict ActiveX Install” to “Enabled” and 'winword.exe' is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict File Download” must be set to “Enabled” and 'winword.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value winword.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Restrict File Download” to “Enabled” and 'winword.exe' is checked.
The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Scripted Window Security Restrictions” must be set to “Enabled” and 'winword.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value winword.exe is REG_DWORD = 1, this is not a finding.
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Scripted Window Security Restrictions” to “Enabled” and 'winword.exe' is checked.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Require that application add-ins are signed by Trusted Publisher” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security Criteria: If the value RequireAddinSig is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Require that application add-ins are signed by Trusted Publisher” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Turn off Data Execution Prevention” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security Criteria: If the value EnableDEP is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Turn off Data Execution Prevention” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security “Turn off file validation” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\filevalidation Criteria: If the value EnableOnLoad is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security “Turn off file validation” to “Disabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Set default file block behavior” must be “Enabled: Blocked files are not opened”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\fileblock Criteria: If the value OpenInProtectedView is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Set default file block behavior” to “Enabled: Blocked files are not opened”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Protected View “Do not open files from the Internet zone in Protected View” must be set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\protectedview Criteria: If the value DisableInternetFilesInPV is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Protected View “Do not open files from the Internet zone in Protected View” to "Disabled".
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Protected View “Do not open files in unsafe locations in Protected View” must be set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\protectedview Criteria: If the value DisableUnsafeLocationsInPV is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Protected View “Do not open files in unsafe locations in Protected View” to "Disabled".
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Protected View “Set document behavior if file validation fails” must be "Enabled: Open in Protected View" and Unchecked for "Do not allow edit". Procedure: Use the Windows Registry Editor to navigate to the following keys: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\filevalidation Criteria: If the value OpenInProtectedView is REG_DWORD = 1, this is not a finding. AND HKCU\Software\Policies\Microsoft\Office\14.0\word\security\filevalidation Criteria: If the value DisableEditFromPV is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Protected View “Set document behavior if file validation fails” to "Enabled: Open in Protected View" and Unchecked for "Do not allow edit".
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Protected View “Turn off Protected View for attachments opened from Outlook” must be set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following keys: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\protectedview Criteria: If the value DisableAttachmentsInPV is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> Protected View “Turn off Protected View for attachments opened from Outlook” to "Disabled".
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Miscellaneous “Use online translation dictionaries” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\common\research\translation Criteria: If the value UseOnline is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Miscellaneous “Use online translation dictionaries” to “Enabled”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word 2 and earlier binary documents and templates” must be “Enabled: Open/Save blocked, use open policy”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\fileblock Criteria: If the value Word2Files is REG_DWORD = 2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word 2 and earlier binary documents and templates” to “Enabled: Open/Save blocked, use open policy”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word 2000 binary documents and templates” must be “Enabled: Allow editing and open in Protected View". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\fileblock Criteria: If the value Word2000Files is REG_DWORD = 5, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word 2000 binary documents and templates” to “Enabled: Allow editing and open in Protected View".
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word 6.0 binary documents and templates” must be “Enabled: Open/Save blocked, use open policy”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\fileblock Criteria: If the value Word60Files is REG_DWORD = 2, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word 6.0 binary documents and templates” to “Enabled: Open/Save blocked, use open policy”.
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word 95 binary documents and templates” must be “Enabled: Allow editing and open in Protected View". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\fileblock Criteria: If the value Word95Files is REG_DWORD = 5, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word 95 binary documents and templates” to “Enabled: Allow editing and open in Protected View".
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word 97 binary documents and templates” must be “Enabled: Allow editing and open in Protected View". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\fileblock Criteria: If the value Word97Files is REG_DWORD = 5, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word 97 binary documents and templates” to “Enabled: Allow editing and open in Protected View".
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word XP binary documents and templates” must be “Enabled: Allow editing and open in Protected View". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\word\security\fileblock Criteria: If the value WordXPFiles is REG_DWORD = 5, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center -> File Block Settings “Word XP binary documents and templates” to “Enabled: Allow editing and open in Protected View".