UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Excel 2016 Security Technical Implementation Guide


Overview

Date Finding Count (41)
2024-02-21 CAT I (High): 0 CAT II (Med): 41 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-238158 Medium Open/Save actions for Excel 4 worksheets must be blocked.
V-238159 Medium Actions for Excel 95 workbooks must be configured to edit in Protected View.
V-238178 Medium Trust Bar Notifications for unsigned application add-ins must be blocked.
V-238179 Medium File Downloads must be configured for proper restrictions.
V-238176 Medium Add-ins to Office applications must be signed by a Trusted Publisher.
V-238177 Medium Links that invoke instances of Internet Explorer from within an Office product must be blocked.
V-238174 Medium Scripted Window Security must be enforced.
V-238175 Medium Add-on Management functionality must be allowed.
V-238172 Medium Open/Save actions for dBase III / IV files must be blocked.
V-238155 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-238156 Medium Open/Save actions for Excel 4 macrosheets and add-in files must be blocked.
V-238157 Medium Open/Save actions for Excel 4 workbooks must be blocked.
V-238173 Medium Navigation to URLs embedded in Office products must be blocked.
V-238170 Medium Open/Save actions for web pages and Excel 2003 XML spreadsheets must be blocked.
V-238189 Medium Document behavior if file validation fails must be set.
V-238188 Medium Files in unsafe locations must be opened in Protected View.
V-238187 Medium ActiveX Installs must be configured for proper restriction.
V-238186 Medium Protection from zone elevation must be enforced.
V-238185 Medium Trust access for VBA must be disallowed.
V-238171 Medium Files from the Internet zone must be opened in Protected View.
V-238183 Medium The scanning of encrypted macros in open XML documents must be enforced.
V-238182 Medium The Save commands default file format must be configured.
V-238181 Medium Disallowance of trusted locations on the network must be enforced.
V-238180 Medium All automatic loading from trusted locations must be disabled.
V-238161 Medium Blocking as default file block opening behavior must be enforced.
V-238160 Medium Actions for Excel 95-97 workbooks and templates must be configured to edit in Protected View.
V-238163 Medium Open/Save actions for Dif and Sylk files must be blocked.
V-238162 Medium Enabling IE Bind to Object functionality must be present.
V-238165 Medium Open/Save actions for Excel 2 worksheets must be blocked.
V-238164 Medium Open/Save actions for Excel 2 macrosheets and add-in files must be blocked.
V-238167 Medium Open/Save actions for Excel 3 worksheets must be blocked.
V-238166 Medium Open/Save actions for Excel 3 macrosheets and add-in files must be blocked.
V-238169 Medium Configuration for file validation must be enforced.
V-238168 Medium Saved from URL mark to assure Internet zone processing must be enforced.
V-238184 Medium Macro storage must be in personal macro workbooks.
V-238194 Medium Macros must be blocked from running in Office files from the Internet.
V-238195 Medium Files on local Intranet UNC must be opened in Protected View.
V-238190 Medium Excel attachments opened from Outlook must be in Protected View.
V-238191 Medium Warning Bar settings for VBA macros must be configured.
V-238192 Medium WEBSERVICE functions must be disabled.
V-238193 Medium Corrupt workbook options must be disallowed.