UCF STIG Viewer Logo

Microsoft Excel 2013 STIG


Date Finding Count (47)
2018-04-03 CAT I (High): 0 CAT II (Med): 46 CAT III (Low): 1
STIG Description
The Microsoft Excel 2013 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-17187 Medium Trust Bar Notifications for unsigned application add-ins must be blocked.
V-17184 Medium Links that invoke instances of Internet Explorer from within an Office product must be blocked.
V-17183 Medium Navigation to URLs embedded in Office products must be blocked.
V-17652 Medium Automatic republish to web pages must be disallowed.
V-17732 Medium The Update of automatic links setting must be configured to prompt user before allowing links to be updated.
V-17744 Medium The AutoRepublish warning alert must be provided.
V-17621 Medium File types must be configured to provide mismatch warnings
V-26608 Medium Open/Save actions for Excel 4 workbooks must be blocked.
V-26609 Medium Open/Save actions for Excel 4 worksheets must be blocked.
V-17521 Medium The Save commands default file format must be configured.
V-17520 Medium Disallowance of trusted locations on the network must be enforced.
V-17522 Medium Trust access for VBA must be disallowed.
V-17173 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-17174 Medium Internet Explorer Bind to Object functionality must be enabled.
V-17175 Medium The Saved from URL mark must be selected to enforce Internet zone processing.
V-26598 Medium Open/Save actions for Excel 2 worksheets must be blocked.
V-26599 Medium Open/Save actions for Excel 3 macrosheets and add-in files must be blocked.
V-17545 Medium Warning Bar settings for VBA macros must be configured.
V-26592 Medium Configuration for file validation must be enforced.
V-26595 Medium Open/Save actions for dBase III / IV files must be blocked.
V-26596 Medium Open/Save actions for Dif and Sylk files must be blocked.
V-26597 Medium Open/Save actions for Excel 2 macrosheets and add-in files must be blocked.
V-72831 Medium Macros must be blocked from running in Office 2013 files from the Internet.
V-26607 Medium Open/Save actions for Excel 4 macrosheets and add-in files must be blocked.
V-17804 Medium Macro storage must be in personal macro workbooks.
V-17751 Medium The loading of images from web pages must not be allowed.
V-17650 Medium Internet links and Network UNCs created as embedded hyperlinks must be prevented.
V-17322 Medium The opening of pre-release versions of file formats new to Excel 2013 through the Compatibility Pack for Office 2013 and Excel 2013 Converter must be blocked.
V-26612 Medium Blocking as default file block opening behavior must be enforced.
V-26611 Medium Actions for Excel 95-97 workbooks and templates must be configured to edit in Protected View.
V-26610 Medium Actions for Excel 95 workbooks must be configured to edit in Protected View.
V-26617 Medium Excel attachments opened from Outlook must be in Protected View.
V-26616 Medium Document behavior if file validation fails must be set.
V-26615 Medium Files in unsafe locations must be opened in Protected View.
V-26614 Medium Files from the Internet zone must be opened in Protected View.
V-26589 Medium Add-ins to Office applications must be signed by a Trusted Publisher.
V-26588 Medium Scripted Window Security must be enforced.
V-17473 Medium The scanning of encrypted macros in open XML documents must be enforced.
V-17471 Medium All automatic loading from trusted locations must be disabled.
V-26601 Medium Open/Save actions for Excel 3 worksheets must be blocked.
V-41346 Medium Corrupt workbook options must be disallowed.
V-41344 Medium WEBSERVICE functions must be disabled.
V-26587 Medium File downloads must be configured for proper restrictions.
V-26586 Medium ActiveX Installs must be configured for proper restriction.
V-26585 Medium Protection from zone elevation must be enforced.
V-26584 Medium Add-on Management functionality must be allowed.
V-26613 Low Open/Save actions for web pages and Excel 2003 XML spreadsheets must be blocked.