| 1.2.1.9 Ensure 'Local Machine Zone Lockdown Security' is set to Enabled - groove.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.9 Ensure 'Local Machine Zone Lockdown Security' is set to Enabled - mse7.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.9 Ensure 'Local Machine Zone Lockdown Security' is set to Enabled - mspub.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.9 Ensure 'Local Machine Zone Lockdown Security' is set to Enabled - winproj.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.5.1.12 (L1) Ensure 'Restrict File Download' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.1.2 (L1) Ensure 'Don't allow Dynamic Data Exchange (DDE) server launch in Excel' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.2.1 (L1) Ensure 'dBase III /IV files' is set to 'Enable: Open/Save blocked, use open policy' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.2.2 (L1) Ensure 'Dif and Sylk files' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.5 (L1) Ensure 'Turn off file validation' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.19.1 (L1) Ensure 'Allow users with earlier versions of Office to read with browsers...' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL |
| 2.3.27.4 (L1) Ensure 'ActiveX Control Initialization' is set to 'Enabled: 6' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.27.11 (L1) Ensure 'Disable password to open UI' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.27.14 (L1) Ensure 'Encryption type for password protected Office Open XML files' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.27.18 (L1) Ensure 'Protect document metadata for rights managed Office Open XML Files' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.29.1.1 (L1) Ensure 'Disable Internet Fax feature' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.31.1 (L1) Ensure 'Legacy format signatures' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.3.32.1 (L1) Ensure 'Disable Smart Document's use of manifests' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.1.2.1 (L1) Ensure 'Do not allow users to change permissions on folders' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 2.5.4.1 (L1) Ensure 'Do not allow Home Page URL to be set in folder Properties' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.9.2.1 (L1) Ensure 'PST Null Data on Delete' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | MEDIA PROTECTION |
| 2.5.10.8.1.2.1 (L1) Ensure 'Access to published calendars' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 2.5.10.8.1.2.3 (L1) Ensure 'Prevent publishing to Office.com' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.11.1 (L1) Ensure 'Turn off Outlook Social Connector' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.2.2 (L1) Ensure 'Do not display 'Publish to GAL' button' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.14.3.6 (L1) Ensure 'Allow hyperlinks in suspected phishing e-mail messages' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.5.14.3.12 (L1) Ensure 'Configure Outlook object model prompt when executing Save As' is set to 'Enabled: Automatically Deny' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.3.19 (L1) Ensure 'Enable RPC encryption' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.3.22 (L1) Ensure 'Minimum encryption settings' is set to 'Enabled: 256' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.3.23 (L1) Ensure 'Outlook Security Policy' is set to 'Use Outlook Security Group Policy' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.14.3.28 (L1) Ensure 'Security setting for macros' is set to 'Enabled: Warn for signed, disable unsigned' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.5.14.3.29 (L1) Ensure 'Set Outlook object model custom actions execution prompt' is set to 'Enabled: Automatically Deny' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.3.31 (L1) Ensure 'Use Unicode format when dragging e-mail message to file system' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.6.6.6.3 (L1) Ensure 'Make hidden markup visible' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.8.4.1.1 (L1) Ensure 'Block macros from running in Office files from the internet' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.4.1.2 (L1) Ensure 'Require that application add-ins are signed by Trusted Publisher' to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.4.1.4 (L1) Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.11.1.2 Ensure 'Disable UI Extending from Documents and Templates' is set to Enabled - InfoPath | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.8.7.2.1.3 (L1) Ensure 'Word 2000 binary documents and templates' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.11.8.7.2.1.7 (L1) Ensure 'Word 95 binary documents and templates' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.11.8.7.2.2.3 (L1) Ensure 'Set document behavior if file validation fails' is set to 'Enabled: Open in Protected View' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.8.7.2.5 (L1) Ensure 'Dynamic Data Exchange' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.11.8.7.2.7 (L1) Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.17.2 Ensure 'Never Allow Users to Specify Groups When Restricting Permission for Documents' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | ACCESS CONTROL |
| 2.24.1.1 Ensure 'Disable Opt-in Wizard on First Run' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.24.1.5 Ensure 'Send personal information' is set to Disabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.25.8 Ensure 'Encryption Type for Password Protected Office Open XML Files' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.25.12 Ensure 'Automation Security' is set to Enabled (Disable Macros by Default) | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.26.2 Ensure 'Disable The Office Client From Polling The SharePoint Server For Published Links' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.9 Harden host operating system | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
