UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Excel 2016 Security Technical Implementation Guide


Overview

Date Finding Count (41)
2017-09-19 CAT I (High): 0 CAT II (Med): 41 CAT III (Low): 0
STIG Description
The Microsoft Excel 2016 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-70997 Medium Add-ins to Office applications must be signed by a Trusted Publisher.
V-70995 Medium Add-on Management functionality must be allowed.
V-70993 Medium Scripted Window Security must be enforced.
V-70991 Medium Navigation to URLs embedded in Office products must be blocked.
V-70999 Medium Links that invoke instances of Internet Explorer from within an Office product must be blocked.
V-71015 Medium The scanning of encrypted macros in open XML documents must be enforced.
V-71017 Medium Macro storage must be in personal macro workbooks.
V-71011 Medium The Save commands default file format must be configured.
V-71019 Medium Trust access for VBA must be disallowed.
V-71039 Medium Macros must be blocked from running in Office files from the Internet.
V-70969 Medium Enabling IE Bind to Object functionality must be present.
V-71033 Medium Warning Bar settings for VBA macros must be configured.
V-70963 Medium Actions for Excel 95 workbooks must be configured to edit in Protected View.
V-71031 Medium Excel attachments opened from Outlook must be in Protected View.
V-70961 Medium Open/Save actions for Excel 4 worksheets must be blocked.
V-71037 Medium Corrupt workbook options must be disallowed.
V-70967 Medium Blocking as default file block opening behavior must be enforced.
V-71035 Medium WEBSERVICE functions must be disabled.
V-70965 Medium Actions for Excel 95-97 workbooks and templates must be configured to edit in Protected View.
V-70985 Medium Open/Save actions for web pages and Excel 2003 XML spreadsheets must be blocked.
V-70987 Medium Files from the Internet zone must be opened in Protected View.
V-70981 Medium Saved from URL mark to assure Internet zone processing must be enforced.
V-70983 Medium Configuration for file validation must be enforced.
V-70989 Medium Open/Save actions for dBase III / IV files must be blocked.
V-71003 Medium File Downloads must be configured for proper restrictions.
V-71001 Medium Trust Bar Notifications for unsigned application add-ins must be blocked.
V-71007 Medium Disallowance of trusted locations on the network must be enforced.
V-71005 Medium All automatic loading from trusted locations must be disabled.
V-70957 Medium Open/Save actions for Excel 4 macrosheets and add-in files must be blocked.
V-71029 Medium Document behavior if file validation fails must be set.
V-70979 Medium Open/Save actions for Excel 3 worksheets must be blocked.
V-70955 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-70975 Medium Open/Save actions for Excel 2 worksheets must be blocked.
V-70959 Medium Open/Save actions for Excel 4 workbooks must be blocked.
V-71023 Medium Protection from zone elevation must be enforced.
V-70971 Medium Open/Save actions for Dif and Sylk files must be blocked.
V-71025 Medium ActiveX Installs must be configured for proper restriction.
V-70973 Medium Open/Save actions for Excel 2 macrosheets and add-in files must be blocked.
V-71027 Medium Files in unsafe locations must be opened in Protected View.
V-71639 Medium Files on local Intranet UNC must be opened in Protected View.
V-70977 Medium Open/Save actions for Excel 3 macrosheets and add-in files must be blocked.