DISA STIG Microsoft Office System 2016 v2r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Microsoft Office System 2016 v2r2

Updated: 5/28/2024

Authority: DISA STIG

Plugin: Windows

Revision: 1.3

Estimated Item Count: 21

File Details

Filename: DISA_STIG_Microsoft_Office_System_2016_v2r2.audit

Size: 48.7 kB

MD5: 8248fbfcceccb10fa706ba887d623741
SHA256: 5f177a70780555b52eb61616a8390d8a15ece4a10cea287b7b7274434fe2eddf

Audit Items

DISA_STIG_Microsoft_Office_System_2016_v2r2.audit from DISA Microsoft Office System 2016 v2r2 STIG
DTOO182 - The Help Improve Proofing Tools feature for Office must be configured.
DTOO186 - Trust Bar notifications for Security messages must be enforced.
DTOO187 - Rights managed Office Open XML files must be protected.
DTOO188 - Document metadata for password protected files must be protected.
DTOO189 - The encryption type for password protected Open XML files must be set.
DTOO190 - The encryption type for password protected Office 97 thru Office 2003 must be set.
DTOO191 - ActiveX control initialization must be disabled.
DTOO192 - Load controls in forms3 must be disabled from loading.
DTOO193 - Automation Security to enforce macro level security in Office documents must be configured.
DTOO196 - A mix of policy and user locations for Office Products must be disallowed.
DTOO197 - Smart Documents use of Manifests in Office must be disallowed.
DTOO201 - Connection verification of permissions must be enforced.
DTOO206 - Inclusion of document properties for PDF and XPS output must be disallowed.
DTOO321 - Encrypt document properties must be configured for OLE documents.
DTOO408 - Office Presentation Service must be removed as an option for presenting PowerPoint and Word online.
DTOO409 - The ability to create an online presentation programmatically must be disabled.
DTOO410 - When using the Office Feedback tool, the ability to include a screenshot must be disabled.
DTOO412 - The ability to run unsecure Office web add-ins and Catalogs must be disabled.
DTOO416 - The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.
DTOO601 - The ability to send personal information to Office must be disabled.