Back

Configure the "Do not preserve zone information in file attachments" setting.


CONTROL ID
04357
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure the system security parameters to prevent system misuse or information misappropriation., CC ID: 00881

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting marks attachments with information about their zone of origin. The Do Not Preserve Zone Information In File Attachments setting should be Disabled. (Pg 97, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • File attachments should be marked with their origin zone so Windows can determine the risk associated with the file. The "Do not preserve zone information in file attachments" value should be set to Disabled. The "HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZ… (§ 3.7.2.1 (5.134), DISA Windows VISTA Security Checklist, Version 6 Release 1.11)
  • This setting marks attachments with information about their zone of origin. The Do Not Preserve Zone Information In File Attachments setting should be Disabled. (Pg 128, NSA Guide to Security Microsoft Windows XP)