| V-70867 | Medium | The encryption type for password protected Office 97 thru Office 2003 must be set. | If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Microsoft Office application files can be encrypted and... |
| V-70875 | Medium | A mix of policy and user locations for Office Products must be disallowed. | When Microsoft Office files are opened from trusted locations, all the content in the files is enabled and active. Users are not notified about any potential risks that might be contained in the... |
| V-70865 | Medium | The encryption type for password protected Open XML files must be set. | If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Microsoft Office application files can be encrypted and... |
| V-70877 | Medium | Smart Documents use of Manifests in Office must be disallowed. | An XML expansion pack is the group of files that constitutes a Smart Document in Excel and Word. One or more components that provide the logic needed for a Smart Document are packaged by using an... |
| V-70863 | Medium | Document metadata for password protected files must be protected. | When an Office Open XML document is protected with a password and saved, any metadata associated with the document is encrypted along with the rest of the document's contents. If this... |
| V-70871 | Medium | Load controls in forms3 must be disabled from loading. | ActiveX controls are Component Object Model (COM) objects and have unrestricted access to users' computers. ActiveX controls can access the local file system and change the registry settings of... |
| V-70861 | Medium | Rights managed Office Open XML files must be protected. | When Information Rights Management (IRM) is used to restrict access to an Office Open XML document, any metadata associated with the document is not encrypted. This configuration could allow... |
| V-70859 | Medium | Trust Bar notifications for Security messages must be enforced. | The Message Bar in Office applications is used to identify security issues, such as unsigned macros or potentially unsafe add-ins. When such issues are detected, the application disables the... |
| V-70885 | Medium | Encrypt document properties must be configured for OLE documents.
| This policy setting allows a document's properties to be encrypted. This applies to OLE documents (Office 97-2003 compatible) if the application is configured for CAPI RC4. Disabling this... |
| V-70893 | Medium | When using the Office Feedback tool, the ability to include a screenshot must be disabled. | The "Office Feedback" tool, also called "Send-a-Smile", allows a user to click on an icon and send feedback to Microsoft. The "Office Feedback" Tool must be configured to be disabled. In the event... |
| V-70873 | Medium | Automation Security to enforce macro level security in Office documents must be configured. | When a separate program is used to launch Microsoft Office Excel, PowerPoint, or Word programmatically, any macros can run in the programmatically opened application without being blocked. This... |
| V-70881 | Medium | Connection verification of permissions must be enforced. | Users are not required to connect to the network to verify permissions. If users do not need their licenses confirmed when attempting to open Office documents, they might be able to access... |
| V-70897 | Medium | The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder. | This policy setting configures the Office Telemetry Agent to disguise, or obfuscate, certain file properties that are reported in telemetry data. If this policy setting is enabled, Office... |
| V-70869 | Medium | ActiveX control initialization must be disabled. | ActiveX controls can adversely affect a computer directly. In addition, malicious code can be used to compromise an ActiveX control and attack a computer. To indicate the safety of an ActiveX... |
| V-70895 | Medium | The ability to run unsecure Office apps must be disabled. | Unsecure apps for Office, which are apps that have web page or catalog locations that are not SSL-secured (https://), and/or are not in users' Internet zones may allow data to be... |
| V-70899 | Medium | The ability to send personal information to Office must be disabled. | This policy setting controls whether users can send personal information to Office. When users choose to send information Office 2016 applications automatically send information to Office. If you... |
| V-70883 | Medium | Inclusion of document properties for PDF and XPS output must be disallowed. | If the Microsoft Save as PDF or XPS Add-in for Microsoft Office Programs is installed, document properties are saved as metadata when users save or publish files using the PDF or XPS commands in... |
| V-70855 | Medium | The Help Improve Proofing Tools feature for Office must be configured. | The "Help Improve Proofing Tools" feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature... |
| V-70889 | Medium | Office Presentation Service must be removed as an option for presenting PowerPoint and Word online. | The Office Presentation Service is a free, public service that allows others to follow along in a web browser. Allowing this feature could result in presentations with DoD FOUO, PII and other... |
| V-70891 | Medium | The ability to create an online presentation programmatically must be disabled. | Allowing online presentations to be created programmatically allows for the capability of malicious content to become imbedded in those programmatically created presentations. |
