UCF STIG Viewer Logo

Microsoft OneDrive for Business 2016 Security Technical Implementation Guide


Overview

Date Finding Count (13)
2016-11-02 CAT I (High): 0 CAT II (Med): 13 CAT III (Low): 0
STIG Description
The Microsoft OneDrive for Business 2016 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-71317 Medium File Downloads must be configured for proper restrictions.
V-71313 Medium Links that invoke instances of Internet Explorer from within an Office product must be blocked.
V-71311 Medium Add-on Management functionality must be allowed.
V-71305 Medium Navigation to URLs embedded in Office products must be blocked.
V-71297 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-71319 Medium Protection from zone elevation must be enforced.
V-71309 Medium Scripted Window Security must be enforced.
V-71301 Medium Enabling IE Bind to Object functionality must be present.
V-71327 Medium Users must be prevented from using the remote fetch feature to access files on the machine (64 bit).
V-71303 Medium Saved from URL mark to assure Internet zone processing must be enforced.
V-71323 Medium Users must be prevented from using the remote fetch feature to access files on the machine (32 bit).
V-71331 Medium Users must be prevented from configuring personal OneDrive accounts.
V-71321 Medium ActiveX Installs must be configured for proper restriction.