UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft InfoPath 2013 STIG


Overview

Date Finding Count (24)
2015-06-18 CAT I (High): 0 CAT II (Med): 24 CAT III (Low): 0
STIG Description
The Microsoft InfoPath 2013 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-17187 Medium Trust Bar Notifications for unsigned application add-ins must be blocked.
V-26625 Medium InfoPath 2013 applications must be prevented from loading any custom user interface (UI) code.
V-17667 Medium Disabling sending form templates with the email forms must be configured.
V-26620 Medium Disabling opening forms with managed code from the Internet security zone must be configured.
V-17580 Medium Opening behavior for Email forms containing code or scripts must be controlled.
V-17663 Medium Disabling the opening of solutions from the Internet Security Zone must be configured.
V-17764 Medium Unsafe file types must be prevented from being attached to InfoPath forms.
V-17745 Medium Beaconing UI shown for opened forms must be configured.
V-17746 Medium Beaconing of UI forms with ActiveX controls must be enforced.
V-17668 Medium InfoPath 2003 forms as email forms in InfoPath 2013 must be disallowed.
V-26697 Medium The InfoPath APTCA Assembly Allowable List must be enforced.
V-17611 Medium Email with InfoPath forms must be configured to show UI to recipients.
V-26619 Medium InfoPath email forms in Outlook must be disallowed.
V-26618 Medium InfoPath must be enforced to not use email forms from the Intranet security zone.
V-17658 Medium Disabling of Fully Trusted Solutions access to computers must be configured.
V-17657 Medium Disabling email forms running in Restricted Security Level must be configured.
V-17656 Medium Disabling email forms from the Internet Security Zone must be configured.
V-17655 Medium Disabling of email forms from the Full Trust Security Zone must be configured.
V-17654 Medium Disable dynamic caching of the form template in InfoPath eMail forms.
V-17758 Medium Offline Mode capability to cache queries for offline mode must be configured.
V-26589 Medium Add-ins to Office applications must be signed by a Trusted Publisher.
V-26621 Medium A form that is digitally signed must be displayed with a warning.
V-17471 Medium All automatic loading from Trusted Locations must be disabled.
V-17576 Medium Redirection behavior for upgraded web sites by SharePoint must be blocked.