DISA STIG Microsoft Office System 2013 v2r1

Audit Details

Name: DISA STIG Microsoft Office System 2013 v2r1

Updated: 4/25/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.3

Estimated Item Count: 50

File Details

Filename: DISA_STIG_Microsoft_Office_System_2013_v2r1.audit

Size: 95.3 kB

MD5: 602b50e1e1ebc2a6c72143bf89853f00
SHA256: 64fc16346536a256d230efbb229c891098575ee3187aeed7e9991ac57c6b6e07

Audit Items

DescriptionCategories
DISA_STIG_Microsoft_Office_System_2013_v2r1.audit from DISA Microsoft Office System 2013 v2r1 STIG
DTOO179 - Documents must be configured to not open as Read Write when browsing.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO180 - Relying on Vector markup Language (VML) for displaying graphics in browsers must be disallowed - VML for displaying graphics in browsers must be disallowed

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO182 - The Help Improve Proofing Tools feature for Office must be configured.

CONFIGURATION MANAGEMENT

DTOO183 - The Opt-In Wizard must be disabled.

CONFIGURATION MANAGEMENT

DTOO184 - The Customer Experience Improvement Program for Office must be disabled.

CONFIGURATION MANAGEMENT

DTOO185 - Automatic receiving of small updates to improve reliability must be disallowed.

CONFIGURATION MANAGEMENT

DTOO186 - Trust Bar notifications for Security messages must be enforced.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO187 - Rights managed Office Open XML files must be protected.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO188 - Document metadata for password protected files must be protected.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO189 - The encryption type for password protected Open XML files must be set.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO190 - The encryption type for password protected Office 97 thru Office 2003 must be set.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO191 - ActiveX control initialization must be disabled.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO192 - Load controls in forms3 must be disabled from loading.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO193 - Automation Security to enforce macro level security in Office documents must be configured.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO194 - Hyperlink warnings for Office must be configured for use.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO195 - Passwords for secured documents must be enforced.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO196 - A mix of policy and user locations for Office Products must be disallowed.

CONFIGURATION MANAGEMENT

DTOO197 - Smart Documents use of Manifests in Office must be disallowed.

CONFIGURATION MANAGEMENT

DTOO198 - The Internet Fax Feature must be disabled.

CONFIGURATION MANAGEMENT

DTOO199 - Changing permissions on rights managed content for users must be enforced.

ACCESS CONTROL

DTOO200 - Office must be configured to not allow read with browsers.

ACCESS CONTROL

DTOO201 - Connection verification of permissions must be enforced.

ACCESS CONTROL

DTOO203 - Legacy format signatures must be enabled.

CONFIGURATION MANAGEMENT

DTOO204 - External Signature Services Menu for Office must be suppressed.

CONFIGURATION MANAGEMENT

DTOO206 - Inclusion of document properties for PDF and XPS output must be disallowed.

CONFIGURATION MANAGEMENT

DTOO207 - Document Information panel Beaconing must show UI.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO208 - Office client polling of SharePoint servers published links must be disabled.

ACCESS CONTROL

DTOO212 - Blogging entries created from inside Office products must be configured for SharePoint only.

CONFIGURATION MANAGEMENT

DTOO321 - Encrypt document properties must be configured for OLE documents.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO345 - Online content options must be configured for offline content availability.

CONFIGURATION MANAGEMENT

DTOO401 - Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site - automatic updates

SYSTEM AND INFORMATION INTEGRITY

DTOO401 - Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site - update server

SYSTEM AND INFORMATION INTEGRITY

DTOO401 - Office automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site - update stats server

SYSTEM AND INFORMATION INTEGRITY

DTOO402 - The Enable Updates and Disable Updates options in the UI must be hidden from users.

CONFIGURATION MANAGEMENT

DTOO403 - The video informing a user about signing into Office365 must be disabled.

CONFIGURATION MANAGEMENT

DTOO404 - The first-run prompt to sign into Office365 must be disabled.

CONFIGURATION MANAGEMENT

DTOO405 - The ability to sign into Office365 must be disabled.

CONFIGURATION MANAGEMENT

DTOO406 - The ability to automatically hyperlink screenshots within Word, PowerPoint, Excel and Outlook must be disabled.

CONFIGURATION MANAGEMENT

DTOO407 - The prompt to save to OneDrive (formerly SkyDrive) must be disabled.

CONFIGURATION MANAGEMENT

DTOO408 - Office Presentation Service must be removed as an option for presenting PowerPoint and Word online.

CONFIGURATION MANAGEMENT

DTOO409 - The ability to create an online presentation programmatically must be disabled.

SYSTEM AND COMMUNICATIONS PROTECTION

DTOO410 - When using the Office Feedback tool, the ability to include a screenshot must be disabled.

CONFIGURATION MANAGEMENT

DTOO411 - The Office Feedback tool must be disabled.

CONFIGURATION MANAGEMENT

DTOO412 - The ability to run unsecure Office apps must be disabled.

CONFIGURATION MANAGEMENT

DTOO413 - Users must be prevented from using or inserting apps that come from the Office Store.

CONFIGURATION MANAGEMENT

DTOO414 - Roaming settings must be stored locally and not synchronized to the Microsoft Office roaming settings web service.

CONFIGURATION MANAGEMENT

DTOO415 - The ability of the Office Telemetry Agent to periodically upload telemetry data to a shared folder must be disabled.

CONFIGURATION MANAGEMENT

DTOO416 - The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.

CONFIGURATION MANAGEMENT

DTOO417 - The Office Telemetry Agent and Office applications must be configured to collect telemetry data.

CONFIGURATION MANAGEMENT