UCF STIG Viewer Logo

Microsoft Office System 2016 Security Technical Implementation Guide


Date Finding Count (20)
2021-12-17 CAT I (High): 0 CAT II (Med): 20 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles

Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-238024 Medium The Help Improve Proofing Tools feature for Office must be configured.
V-238027 Medium Document metadata for password protected files must be protected.
V-238042 Medium The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.
V-238043 Medium The ability to send personal information to Office must be disabled.
V-238040 Medium When using the Office Feedback tool, the ability to include a screenshot must be disabled.
V-238041 Medium The ability to run unsecure Office web add-ins and Catalogs must be disabled.
V-238025 Medium Trust Bar notifications for Security messages must be enforced.
V-238028 Medium The encryption type for password protected Open XML files must be set.
V-238029 Medium The encryption type for password protected Office 97 thru Office 2003 must be set.
V-238039 Medium The ability to create an online presentation programmatically must be disabled.
V-238038 Medium Office Presentation Service must be removed as an option for presenting PowerPoint and Word online.
V-238026 Medium Rights managed Office Open XML files must be protected.
V-238033 Medium A mix of policy and user locations for Office Products must be disallowed.
V-238032 Medium Automation Security to enforce macro level security in Office documents must be configured.
V-238031 Medium Load controls in forms3 must be disabled from loading.
V-238030 Medium ActiveX control initialization must be disabled.
V-238037 Medium Encrypt document properties must be configured for OLE documents.
V-238036 Medium Inclusion of document properties for PDF and XPS output must be disallowed.
V-238035 Medium Connection verification of permissions must be enforced.
V-238034 Medium Smart Documents use of Manifests in Office must be disallowed.