UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Word 2010


Overview

Date Finding Count (36)
2015-04-16 CAT I (High): 0 CAT II (Med): 36 CAT III (Low): 0
STIG Description
Settings in this guidance assume a complete installation of Microsoft Office 2010 on the Windows 7 Platform. Registry paths and values identified in each control assume the use of Group Policy Administrative Templates. Installations not using Group Policies to administer Microsoft Office products may observe alternate registry paths for stored configuration values. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-17187 Medium Trust Bar Notifications for unsigned application add-ins must be blocked.
V-17184 Medium Links that invoke instances of IE from within an Office product must be blocked.
V-17183 Medium Navigation to URL's embedded in Office products must be blocked.
V-17811 Medium The automatically update links feature must be configured as off.
V-17813 Medium A warning before printing that the document contains tracking changes must be provided.
V-26615 Medium Files in unsafe locations must be opened in Protected View.
V-26625 Medium Disable UI extending from documents and templates must be disallowed.
V-26614 Medium Files from the Internet zone must be opened in Protected View.
V-17521 Medium Save files default format must be configured.
V-17520 Medium Disallowance of Trusted Locations on the network must be enforced.
V-17522 Medium Trust access for VBA must be disallowed.
V-17173 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-26648 Medium Online translation dictionaries must be in use.
V-17174 Medium Enabling IE Bind to Object functionality must be present.
V-17175 Medium Saved from URL mark to assure Internet zone processing must be enforced.
V-17545 Medium Warning Bar settings for VBA macros must be configured.
V-26590 Medium Data Execution Prevention must be enforced.
V-26592 Medium Configuration for file validation must be enforced.
V-17322 Medium Pre-release versions of file formats new to Office Products must be blocked.
V-26657 Medium Word 95 binary documents and templates must be configured to edit in protected view.
V-26656 Medium Word 6.0 binary documents and templates must be configured for block open/save actions.
V-26654 Medium Word 2000 binary documents and templates must be configured to edit in protected view.
V-26653 Medium Word 2 and earlier binary documents and templates must be blocked for open/save.
V-26612 Medium Blocking as default file block opening behavior must be enforced.
V-26617 Medium Attachments opened from Outlook must be in Protected View.
V-26616 Medium Document behavior if file validation fails must be set.
V-26659 Medium Word XP binary documents and templates must be configured to edit in protected view.
V-26658 Medium Word 97 binary documents and templates must be configured to edit in protected view.
V-26589 Medium Application add-ins must be signed by Trusted Publisher.
V-26588 Medium Scripted Window Security must be enforced.
V-17473 Medium Force encrypted macros to be scanned in open XML documents must be determined and configured.
V-17471 Medium All automatic loading from Trusted Locations must be disabled.
V-26587 Medium File Downloads must be configured for proper restrictions.
V-26586 Medium ActiveX Installs must be configured for proper restriction.
V-26585 Medium Protection from zone elevation must be enforced.
V-26584 Medium Add-on Management functionality must be allowed.