STIGQter: STIG Summary: Microsoft Office 365 ProPlus Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

Office applications must be configured to specify encryption type in password-protected Office Open XML files.

DISA Rule

SV-223292r508019_rule

Vulnerability Number

V-223292

Group Title

SRG-APP-000231

Rule Version

O365-CO-000009

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Security Settings >> Encryption type for password protected Office Open XML files to Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256.

Check Contents

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Security Settings >> Encryption type for password protected Office Open XML files is set to Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256.

Use the Windows Registry Editor to navigate to the following key:

HKCU\software\policies\microsoft\office\16.0\common\security

If the value OpenXMLEncryption is REG_SZ = "Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256", this is not a finding.
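
The registry check above can be scripted. The following PowerShell is an added example, not part of the STIG or of STIGQter; the function name and the Status labels are hypothetical. It assumes it runs in the session of the user being assessed (the key is under HKCU), and it treats every state other than the passing condition as a finding with a case-sensitive string match, which is a strict reading of the check text.

```powershell
# Added example: scripted check for V-223292 / O365-CO-000009.
# The key path, value name and expected data are taken from the check text above.
$KeyPath  = 'HKCU:\software\policies\microsoft\office\16.0\common\security'
$Name     = 'OpenXMLEncryption'
$Expected = 'Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256'

function Test-OpenXmlEncryptionPolicy {   # hypothetical helper name
    param(
        [string]$Path          = $KeyPath,
        [string]$ValueName     = $Name,
        [string]$ExpectedValue = $Expected
    )
    $r = [ordered]@{
        RuleVersion = 'O365-CO-000009'
        Path        = $Path
        Kind        = $null
        Actual      = $null
        Status      = 'Open'              # hypothetical labels: Open / NotAFinding
        Reason      = $null
    }
    # Missing policy key: the setting was never applied for this user.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) {
        $r.Reason = 'Policy key does not exist'
        return [pscustomobject]$r
    }
    # Key present but value absent (registry value names are case-insensitive).
    if ($key.GetValueNames() -notcontains $ValueName) {
        $r.Reason = "Value '$ValueName' is not set"
        return [pscustomobject]$r
    }
    $r.Kind   = $key.GetValueKind($ValueName)
    $r.Actual = $key.GetValue($ValueName)
    # The check requires REG_SZ; REG_EXPAND_SZ or any other type fails here.
    if ($r.Kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
        $r.Reason = "Value type is $($r.Kind), expected REG_SZ"
    }
    # Assumption: exact, case-sensitive match, so stray spaces or case changes fail.
    elseif ($r.Actual -cne $ExpectedValue) {
        $r.Reason = 'Value data differs from the required provider,algorithm,key length'
    }
    else {
        $r.Status = 'NotAFinding'
        $r.Reason = 'Value matches the required setting'
    }
    return [pscustomobject]$r
}

Test-OpenXmlEncryptionPolicy | Format-List
```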

Documentable

False

Severity Override Guidance

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Security Settings >> Encryption type for password protected Office Open XML files is set to Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256.

Use the Windows Registry Editor to navigate to the following key:

HKCU\software\policies\microsoft\office\16.0\common\security

If the value OpenXMLEncryption is REG_SZ = "Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256", this is not a finding.

Check Content Reference

M

Target Key

4099

Comments