UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Office System 2013 STIG


Overview

Date Finding Count (47)
2017-06-20 CAT I (High): 0 CAT II (Med): 47 CAT III (Low): 0
STIG Description
The Microsoft Office System 2013 STIG is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-17765 Medium Changing permissions on rights managed content for users must be enforced.
V-40859 Medium The Enable Updates and Disable Updates options in the UI must be hidden from users.
V-17731 Medium Connection verification of permissions must be enforced.
V-17583 Medium Office must be configured to not allow read with browsers.
V-17581 Medium Blogging entries created from inside Office products must be configured for SharePoint only.
V-17665 Medium Passwords for secured documents must be enforced.
V-17749 Medium Legacy format signatures must be enabled.
V-17605 Medium Document Information panel Beaconing must show UI.
V-17660 Medium Inclusion of document properties for PDF and XPS output must be disallowed.
V-17661 Medium The Internet Fax Feature must be disabled.
V-40879 Medium The ability to create an online presentation programmatically must be disabled.
V-17768 Medium Document metadata for password protected files must be protected.
V-17741 Medium Automation Security to enforce macro level security in Office documents must be configured.
V-17627 Medium The Help Improve Proofing Tools feature for Office must be configured.
V-40875 Medium Office Presentation Service must be removed as an option for presenting PowerPoint and Word online.
V-17669 Medium Smart Documents use of Manifests in Office must be disallowed.
V-40858 Medium Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site.
V-26704 Medium Encrypt document properties must be configured for OLE documents.
V-17740 Medium Automatic receiving of small updates to improve reliability must be disallowed.
V-17547 Medium ActiveX control initialization must be disabled.
V-17560 Medium A mix of policy and user locations for Office Products must be disallowed.
V-17773 Medium Relying on Vector markup Language (VML) for displaying graphics in browsers must be disallowed.
V-17590 Medium Trust Bar notifications for Security messages must be enforced.
V-17612 Medium The Customer Experience Improvement Program for Office must be disabled.
V-40862 Medium The ability to sign into Office365 must be disabled.
V-17759 Medium Documents must be configured to not open as Read Write when browsing.
V-17617 Medium The encryption type for password protected Office 97 thru Office 2003 must be set.
V-26630 Medium Online content options must be configured for offline content availability.
V-17750 Medium Load controls in forms3 must be disabled from loading.
V-17805 Medium External Signature Services Menu for Office must be suppressed.
V-40884 Medium Roaming settings must be stored locally and not synchronized to the Microsoft Office roaming settings web service.
V-40860 Medium The video informing a user about signing into Office365 must be disabled.
V-17659 Medium Hyperlink warnings for Office must be configured for use.
V-40861 Medium The first-run prompt to sign into Office365 must be disabled.
V-17670 Medium Office client polling of SharePoint servers published links must be disabled.
V-17664 Medium The Opt-In Wizard must be disabled.
V-40863 Medium The ability to automatically hyperlink screenshots within Word, PowerPoint, Excel and Outlook must be disabled.
V-40864 Medium The prompt to save to OneDrive (formerly SkyDrive) must be disabled.
V-17619 Medium The encryption type for password protected Open XML files must be set.
V-40886 Medium The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.
V-40887 Medium The Office Telemetry Agent and Office applications must be configured to collect telemetry data.
V-17769 Medium Rights managed Office Open XML files must be protected.
V-40885 Medium The ability of the Office Telemetry Agent to periodically upload telemetry data to a shared folder must be disabled.
V-40882 Medium The ability to run unsecure Office apps must be disabled.
V-40883 Medium Users must be prevented from using or inserting apps that come from the Office Store.
V-40880 Medium When using the Office Feedback tool, the ability to include a screenshot must be disabled.
V-40881 Medium The Office Feedback tool must be disabled.