| 2.2.4.7.2.3.4 (L1) Ensure 'Set document behavior if file validation fails' is set to 'Enabled: Open in Protected View' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.1.2 Ensure 'Disable UI Extending from Documents and Templates' is set to Enabled - Excel | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.1.2 Ensure 'Disable UI Extending from Documents and Templates' is set to Enabled - Outlook | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.1.2 Ensure 'Disable UI Extending from Documents and Templates' is set to Enabled - PowerPoint | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.8.7.2.2.4 (L1) Ensure 'Set document behavior if file validation fails' is set to 'Unchecked: Do not allow edit` | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.24.1.3 Ensure 'Allow including screenshot with Office Feedback' is set to Disabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 20.31 Ensure 'Host-based firewall is installed and enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB6E-AE6D-11CF-96B8-444553540000 - Office 16.0 | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO104 - Publisher - Disabling of user name and password syntax from being used in URLs must be enforced. | DISA STIG Office 2010 Publisher v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO111 - Word - Enabling IE Bind to Object functionality must be present. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO117 - Access - Saved from URL mark to assure Internet zone processing must be enforced. | DISA STIG Office 2010 Access v1r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO117 - Word - Saved from URL mark to assure Internet zone processing must be enforced. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO123 - Publisher - Navigation to URL's embedded in Office products must be blocked. | DISA STIG Office 2010 Publisher v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO124 - Access - Scripted Window Security must be enforced. | DISA STIG Office 2010 Access v1r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO124 - OneNote - Scripted Window Security must be enforced. | DISA STIG Office 2010 OneNote v1r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO124 - Project - Scripted Window Security must be enforced. | DISA STIG Office 2010 Project v1r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO124 - Publisher - Scripted Window Security must be enforced. | DISA STIG Office 2010 Publisher v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO126 - OneNote - Add-on Management functionality must be allowed. | DISA STIG Office 2010 OneNote v1r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher. | DISA STIG Microsoft Project 2016 v1r1 | Windows | CONFIGURATION MANAGEMENT |
| DTOO128 - Project - Data Execution Prevention must be enforced. | DISA STIG Office 2010 Project v1r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO128 - Publisher - Data Execution Prevention must be enforced. | DISA STIG Office 2010 Publisher v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO129 - Access - Links that invoke instances of IE from within an Office product must be blocked. | DISA STIG Office 2010 Access v1r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO129 - OneNote - Links that invoke instances of IE from within an Office product must be blocked. | DISA STIG Office 2010 OneNote v1r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO129 - Word - Links that invoke instances of IE from within an Office product must be blocked. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO132 - Outlook - File Downloads must be configured for proper restrictions. | DISA STIG Office 2010 Outlook v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO132 - Project - File Downloads must be configured for proper restrictions. | DISA STIG Office 2010 Project v1r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO133 - Word - All automatic loading from Trusted Locations must be disabled. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO134 - Word - Disallowance of Trusted Locations on the network must be enforced. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO156 - InfoPath - Offline Mode capability to cache queries for offline mode must be configured. | DISA STIG Office 2010 InfoPath v1r12 | Windows | CONFIGURATION MANAGEMENT |
| DTOO158 - InfoPath - Disabling the opening of solutions from the Internet Security Zone must be configured. | DISA STIG Office 2010 InfoPath v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO159 - InfoPath - Disabling of Fully Trusted Solutions access to computers must be configured. | DISA STIG Office 2010 InfoPath v1r12 | Windows | CONFIGURATION MANAGEMENT |
| DTOO164 - InfoPath - Beaconing UI shown for opened forms must be configured. | DISA STIG Office 2010 InfoPath v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO183 - The Opt-In Wizard must be disabled. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | CONFIGURATION MANAGEMENT |
| DTOO201 - Office System - Connection verification of permissions must be enforced. | DISA STIG Office System 2010 v1r13 | Windows | ACCESS CONTROL |
| DTOO210 - Word - Pre-release versions of file formats new to Office Products must be blocked. | DISA STIG Office 2010 Word v1r12 | Windows | CONFIGURATION MANAGEMENT |
| DTOO211 - Publisher - ActiveX Installs must be configured for proper restriction. | DISA STIG Office 2010 Publisher v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO218 - Outlook - Level of calendar details that a user can publish must be restricted. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO221 - Outlook - Junk Mail UI must be configured. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO224 - Outlook - Recipients of sent email must be unable to be added to the safe sender's list. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO226 - Outlook - Dial-up and Hang up Options for Outlook must be configured. | DISA STIG Office 2010 Outlook v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO292 - Word - Document behavior if file validation fails must be set - OpenInProtectedView | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO304 - Access - Warning Bar settings for VBA macros must be configured. | DISA STIG Office 2010 Access v1r11 | Windows | CONFIGURATION MANAGEMENT |
| DTOO322 - Publisher - Fatally corrupt files must be blocked from opening. | DISA STIG Office 2010 Publisher v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO337 - Word - Word 95 binary documents and templates must be configured to edit in protected view. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO999 - InfoPath - The version of InfoPath running on the system must be a supported version. | DISA STIG Office 2010 InfoPath v1r12 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO999 - OneNote - The version of OneNote running on the system must be a supported version. | DISA STIG Office 2010 OneNote v1r10 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO999 - Project - The version of Microsoft Project running on the system must be a supported version. | DISA STIG Office 2010 Project v1r10 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO999 - Word - The version of Microsoft Word running on the system must be a supported version. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Require that application add-ins are signed by Trusted Publisher - requireaddinsig - access | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Require that application add-ins are signed by Trusted Publisher - requireaddinsig - publisher | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
