UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Office System 2016 Security Technical Implementation Guide


Overview

Date Finding Count (20)
2016-11-02 CAT I (High): 0 CAT II (Med): 20 CAT III (Low): 0
STIG Description
The Microsoft Office System 2016 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-70867 Medium The encryption type for password protected Office 97 thru Office 2003 must be set.
V-70875 Medium A mix of policy and user locations for Office Products must be disallowed.
V-70865 Medium The encryption type for password protected Open XML files must be set.
V-70877 Medium Smart Documents use of Manifests in Office must be disallowed.
V-70863 Medium Document metadata for password protected files must be protected.
V-70871 Medium Load controls in forms3 must be disabled from loading.
V-70861 Medium Rights managed Office Open XML files must be protected.
V-70859 Medium Trust Bar notifications for Security messages must be enforced.
V-70885 Medium Encrypt document properties must be configured for OLE documents.
V-70893 Medium When using the Office Feedback tool, the ability to include a screenshot must be disabled.
V-70873 Medium Automation Security to enforce macro level security in Office documents must be configured.
V-70881 Medium Connection verification of permissions must be enforced.
V-70897 Medium The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.
V-70869 Medium ActiveX control initialization must be disabled.
V-70895 Medium The ability to run unsecure Office web add-ins and Catalogs must be disabled.
V-70899 Medium The ability to send personal information to Office must be disabled.
V-70883 Medium Inclusion of document properties for PDF and XPS output must be disallowed.
V-70855 Medium The Help Improve Proofing Tools feature for Office must be configured.
V-70889 Medium Office Presentation Service must be removed as an option for presenting PowerPoint and Word online.
V-70891 Medium The ability to create an online presentation programmatically must be disabled.