UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Excel 2013 STIG


Overview

Date Finding Count (47)
2014-04-03 CAT I (High): 0 CAT II (Med): 46 CAT III (Low): 1
STIG Description
The Microsoft Excel 2013 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Available Profiles



Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-17187 Medium Trust Bar Notifications for unsigned application add-ins must be blocked.
V-17184 Medium Links that invoke instances of Internet Explorer from within an Office product must be blocked.
V-17183 Medium Navigation to URLs embedded in Office products must be blocked.
V-17652 Medium Automatic republish to web pages must be disallowed.
V-17732 Medium The Update of automatic links setting must be configured to prompt user before allowing links to be updated.
V-26625 Medium Excel 2013 application must be prevented from loading any custom user interface (UI) code.
V-17744 Medium The AutoRepublish warning alert must be provided.
V-17621 Medium File types must be configured to provide mismatch warnings
V-26608 Medium Open/Save actions for Excel 4 workbooks must be blocked.
V-26609 Medium Open/Save actions for Excel 4 worksheets must be blocked.
V-17521 Medium The Save commands default file format must be configured.
V-17520 Medium Disallowance of trusted locations on the network must be enforced.
V-17522 Medium Trust access for VBA must be disallowed.
V-17173 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-17174 Medium Internet Explorer Bind to Object functionality must be enabled.
V-17175 Medium The Saved from URL mark must be selected to enforce Internet zone processing.
V-26598 Medium Open/Save actions for Excel 2 worksheets must be blocked.
V-26599 Medium Open/Save actions for Excel 3 macrosheets and add-in files must be blocked.
V-17545 Medium Warning Bar settings for VBA macros must be configured.
V-26592 Medium Configuration for file validation must be enforced.
V-26595 Medium Open/Save actions for dBase III / IV files must be blocked.
V-26596 Medium Open/Save actions for Dif and Sylk files must be blocked.
V-26597 Medium Open/Save actions for Excel 2 macrosheets and add-in files must be blocked.
V-26607 Medium Open/Save actions for Excel 4 macrosheets and add-in files must be blocked.
V-17804 Medium Macro storage must be in personal macro workbooks.
V-17751 Medium The loading of images from web pages must not be allowed.
V-17650 Medium Internet links and Network UNCs created as embedded hyperlinks must be prevented.
V-17322 Medium The opening of pre-release versions of file formats new to Excel 2013 through the Compatibility Pack for Office 2013 and Excel 2013 Converter must be blocked.
V-26612 Medium Blocking as default file block opening behavior must be enforced.
V-26611 Medium Actions for Excel 95-97 workbooks and templates must be configured to edit in Protected View.
V-26610 Medium Actions for Excel 95 workbooks must be configured to edit in Protected View.
V-26617 Medium Excel attachments opened from Outlook must be in Protected View.
V-26616 Medium Document behavior if file validation fails must be set.
V-26615 Medium Files in unsafe locations must be opened in Protected View.
V-26614 Medium Files from the Internet zone must be opened in Protected View.
V-26589 Medium Add-ins to Office applications must be signed by a Trusted Publisher.
V-26588 Medium Scripted Window Security must be enforced.
V-17473 Medium The scanning of encrypted macros in open XML documents must be enforced.
V-17471 Medium All automatic loading from trusted locations must be disabled.
V-26601 Medium Open/Save actions for Excel 3 worksheets must be blocked.
V-41346 Medium Corrupt workbook options must be disallowed.
V-41344 Medium WEBSERVICE functions must be disabled.
V-26587 Medium File downloads must be configured for proper restrictions.
V-26586 Medium ActiveX Installs must be configured for proper restriction.
V-26585 Medium Protection from zone elevation must be enforced.
V-26584 Medium Add-on Management functionality must be allowed.
V-26613 Low Open/Save actions for web pages and Excel 2003 XML spreadsheets must be blocked.