
Microsoft Office System 2016 Security Technical Implementation Guide


Overview

Date: 2021-06-23
Finding Count (20): CAT I (High): 0, CAT II (Med): 20, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC I - Mission Critical Classified)

Finding ID Severity Title
V-238024 Medium The Help Improve Proofing Tools feature for Office must be configured.
V-238027 Medium Document metadata for password protected files must be protected.
V-238042 Medium The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.
V-238043 Medium The ability to send personal information to Office must be disabled.
V-238040 Medium When using the Office Feedback tool, the ability to include a screenshot must be disabled.
V-238041 Medium The ability to run unsecure Office web add-ins and Catalogs must be disabled.
V-238025 Medium Trust Bar notifications for Security messages must be enforced.
V-238028 Medium The encryption type for password protected Open XML files must be set.
V-238029 Medium The encryption type for password protected Office 97 thru Office 2003 must be set.
V-238039 Medium The ability to create an online presentation programmatically must be disabled.
V-238038 Medium Office Presentation Service must be removed as an option for presenting PowerPoint and Word online.
V-238026 Medium Rights managed Office Open XML files must be protected.
V-238033 Medium A mix of policy and user locations for Office Products must be disallowed.
V-238032 Medium Automation Security to enforce macro level security in Office documents must be configured.
V-238031 Medium Load controls in forms3 must be disabled from loading.
V-238030 Medium ActiveX control initialization must be disabled.
V-238037 Medium Encrypt document properties must be configured for OLE documents.
V-238036 Medium Inclusion of document properties for PDF and XPS output must be disallowed.
V-238035 Medium Connection verification of permissions must be enforced.
V-238034 Medium Smart Documents use of Manifests in Office must be disallowed.