From Microsoft Office System 2016 Security Technical Implementation Guide
Part of SRG-APP-000516
Associated with: CCI-000366
This policy setting allows users to run unsecure web add-in, which are add-ins that have web page or catalog locations that are not SSL-secured (https://), and are not in users' Internet zones. If you enable this policy setting, users can run unsecure apps. To enable specific unsecure web add-ins, you must also configure the Trusted Web add-in Catalog policy settings to trust the catalogs that contains those Add-ins. If you disable or do not configure this policy setting, unsecure web add-ins are not allowed.
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2016 -> Security Settings -> Trust Center -> Trusted Catalogs "Allow Unsecure web add-ins and Catalogs" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\16.0\wef\trustedcatalogs Criteria: If the value requireserververification is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2016 -> Security Settings -> Trust Center -> Trusted Catalogs "Allow Unsecure web add-ins and Catalogs" to "Disabled".
Lavender hyperlinks in small type off to the right (of CSS
id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header
Powered by sagemincer