Microsoft Office System 2013 Security Technical Implementation Guide


Date: 2020-09-25
Finding Count (47): CAT I (High): 0, CAT II (Med): 47, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-228546 Medium The ability to create an online presentation programmatically must be disabled.
V-228547 Medium Document metadata for password protected files must be protected.
V-228544 Medium Relying on Vector Markup Language (VML) for displaying graphics in browsers must be disallowed.
V-228532 Medium Online content options must be configured for offline content availability.
V-228531 Medium The Internet Fax Feature must be disabled.
V-228530 Medium Automatic receiving of small updates to improve reliability must be disallowed.
V-228528 Medium The Opt-In Wizard must be disabled.
V-228529 Medium The Customer Experience Improvement Program for Office must be disabled.
V-228524 Medium The Enable Updates and Disable Updates options in the UI must be hidden from users.
V-228525 Medium When using the Office Feedback tool, the ability to include a screenshot must be disabled.
V-228526 Medium The ability to run unsecure Office apps must be disabled.
V-228527 Medium The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.
V-228520 Medium Legacy format signatures must be enabled.
V-228521 Medium External Signature Services Menu for Office must be suppressed.
V-228522 Medium Inclusion of document properties for PDF and XPS output must be disallowed.
V-228523 Medium Blogging entries created from inside Office products must be configured for SharePoint only.
V-228560 Medium Rights managed Office Open XML files must be protected.
V-228561 Medium Encrypt document properties must be configured for OLE documents.
V-228562 Medium Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site.
V-228545 Medium Automation Security to enforce macro level security in Office documents must be configured.
V-228542 Medium The Office Telemetry Agent and Office applications must be configured to collect telemetry data.
V-228543 Medium Documents must be configured to not open as Read Write when browsing.
V-228540 Medium Roaming settings must be stored locally and not synchronized to the Microsoft Office roaming settings web service.
V-228541 Medium The ability of the Office Telemetry Agent to periodically upload telemetry data to a shared folder must be disabled.
V-228548 Medium The encryption type for password protected Open XML files must be set.
V-228549 Medium The encryption type for password protected Office 97 thru Office 2003 must be set.
V-228537 Medium The prompt to save to OneDrive (formerly SkyDrive) must be disabled.
V-228536 Medium The ability to automatically hyperlink screenshots within Word, PowerPoint, Excel and Outlook must be disabled.
V-228535 Medium The ability to sign into Office365 must be disabled.
V-228534 Medium The first-run prompt to sign into Office365 must be disabled.
V-228533 Medium The video informing a user about signing into Office365 must be disabled.
V-228518 Medium A mix of policy and user locations for Office Products must be disallowed.
V-228559 Medium Document Information panel Beaconing must show UI.
V-228558 Medium Hyperlink warnings for Office must be configured for use.
V-228517 Medium The Help Improve Proofing Tools feature for Office must be configured.
V-228516 Medium Office client polling of SharePoint servers published links must be disabled.
V-228519 Medium Smart Documents use of Manifests in Office must be disallowed.
V-228539 Medium The Office Feedback tool must be disabled.
V-228538 Medium Office Presentation Service must be removed as an option for presenting PowerPoint and Word online.
V-228551 Medium Trust Bar notifications for Security messages must be enforced.
V-228550 Medium Passwords for secured documents must be enforced.
V-228553 Medium Users must be prevented from using or inserting apps that come from the Office Store.
V-228552 Medium Load controls in forms3 must be disabled from loading.
V-228555 Medium Office must be configured to not allow read with browsers.
V-228554 Medium Changing permissions on rights managed content for users must be enforced.
V-228557 Medium ActiveX control initialization must be disabled.
V-228556 Medium Connection verification of permissions must be enforced.