STIGQter: STIG Summary: Microsoft Office 365 ProPlus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

User name and password must be disabled in all Office programs.

DISA Rule

SV-223298r508019_rule

Vulnerability Number

V-223298

Group Title

SRG-APP-000210

Rule Version

O365-CO-000016

Severity

CAT II

CCI(s)

• CCI-001170 - The information system prevents the automatic execution of mobile code in organization-defined software applications.

Weight

10

Fix Recommendation

Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2016 (Machine) >> Security Settings >> IE Security "Disable user name and password" to "Enabled" and select the check boxes for all installed Office programs.

Check Contents

Verify the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2016 (Machine) >> Security Settings >> IE Security "Disable user name and password" is set to "Enabled" and the check box is selected for every installed Office program.

Use the Windows Registry Editor to navigate to the following key:

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

If the value for all installed programs is REG_DWORD = 1, this is not a finding.

Vulnerability Number

V-223298

Documentable

False

Rule Version

O365-CO-000016

Severity Override Guidance

Verify the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2016 (Machine) >> Security Settings >> IE Security "Disable user name and password" is set to "Enabled" and the check box is selected for every installed Office program.

Use the Windows Registry Editor to navigate to the following key:

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

If the value for all installed programs is REG_DWORD = 1, this is not a finding.

Check Content Reference

M

Target Key

4099

Comments