Attackers could use InfoPath solutions published to Internet Web sites to try to obtain sensitive information from users. By default, users can open InfoPath solutions that do not contain managed code from sources located in the Internet security zone as defined in the Internet Options dialog box in Internet Explorer.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2013 -> Security -> 'Disable opening of solutions from the Internet security zone' to 'Enabled'.
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.