2.3.31.1 (L1) Ensure 'Legacy format signatures' is set to 'Disabled'

Information

This policy setting controls whether users can apply binary format digital signatures to Office 97-2003 documents.

The recommended state for this setting is: Disabled

By default, Office applications use the XML-based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 binary documents. XMLDSIG signatures are not recognized by Office 2003 applications or previous versions. If an Office 2003 user opens an Excel, PowerPoint, or Word binary document with an XMLDSIG signature attached, the signature will be lost.

Solution

To establish the recommended state via configuration profiles, set the following Settings Catalog path to Disabled:

Microsoft Office 2016\Signing\Legacy format signatures

Impact:

Enabling this setting is not likely to cause significant usability issues for most Office users.

See Also

https://workbench.cisecurity.org/benchmarks/15808

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(6)

Plugin: Windows

Control ID: 724d6de770ddfc07f7f1f5eaaefdb2190a97787eef3cd4188485e0a655bae7fc