| 1.3.1 Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.4.7.2.2.3 (L1) Ensure 'Excel 2 macrosheets and add-in files' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.2.4 (L1) Ensure 'Excel 2 worksheets' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.2.5 (L1) Ensure 'Excel 3 macrosheets and add-in files' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.3.1 (L1) Ensure 'Always open untrusted database files in Protected View' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.3.6 (L1) Ensure 'Turn off Protected View for attachments opened from Outlook' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.8 (L1) Ensure 'Prevent Excel from running XLM macros' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.3 (L1) Ensure 'Force file extension to match file type' is set to 'Enabled: Always match file type' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.9.1 (L1) Ensure 'Document Information Panel Beaconing UI' is set to 'Enabled: Always show UI' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.19.2 (L1) Ensure 'Always expand groups in Office when restricting permission for documents' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.19.4 (L1) Ensure 'Never allow users to specify groups when restricting permission for documents' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.27.3.4 (L1) Ensure 'Allow mix of policy and user locations' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.27.9 (L1) Ensure 'Disable additional security checks on VBA library references that may refer to unsafe locations on the local machine' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.27.12 (L1) Ensure 'Encryption mode for Information Rights Management (IRM)' is set to 'Enabled: Cipher Block Chaining (CBC)' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.3.27.13 Ensure 'Encryption type for password protected Office 97-2003 files' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.27.15 (L1) Ensure 'Load Controls in Forms3' is set to 'Enabled: 4' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.27.17 (L1) Ensure 'Protect document metadata for password protected files' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.36.2.1 (L2) Ensure 'Online Content Options' is set to 'Enabled: Do not allow Office to connect to the Internet' | CIS Microsoft Intune for Office v1.1.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.39.5 (L1) Ensure 'Send personal information' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.1.6.3 (L1) Ensure 'Turn off RSS feature' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.7.1 (L1) Ensure 'Disable user entries to server list' is set to 'Enabled: Publish default, disallow others' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.10.8.1.2.5 (L1) Ensure 'Restrict upload method' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL |
| 2.5.10.8.4.3 (L1) Ensure 'Trust e-mail from contacts' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.10.11 (L2) Ensure 'Internet and network paths into hyperlinks' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.14.3.8 (L1) Ensure 'Allow users to demote attachments to Level 2' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.5.14.3.9 (L1) Ensure 'Authentication with Exchange server' is set to 'Enabled: Kerberos Password Authentication' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.5.14.3.10 (L1) Ensure 'Configure Outlook object model prompt when accessing an address book' is set to 'Enabled: Automatically Deny' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.3.11 (L1) Ensure 'Configure Outlook object model prompt When accessing the Formula property of a UserProperty object' is set to 'Enabled: Automatically Deny' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.3.15 (L1) Ensure 'Display Level 1 attachments' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.5.14.3.20 (L1) Ensure 'Include Internet in Safe Zones for Automatic Picture Download' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.3.24 (L1) Ensure 'Prevent users from customizing attachment security settings' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.5.14.5 (L1) Ensure 'Disable 'Remember password' for Internet e-mail accounts' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.6.6.5.1 (L1) Ensure 'Default file format' is set to 'Enabled: PowerPoint Presentation (*pptx)' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.6.6.6.2.1.2 (L1) Ensure 'Set default file block behavior' to 'Enabled: Blocked files are not opened' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.6.6.6.2.4 (L1) Ensure 'Block macros from running in Office files from the Internet' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.6.6.6.2.7 (L1) Ensure 'Trust Access to Visual Basic Project' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/.login. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is not set to default string. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| Control how Office handles form-based sign-in prompts | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Control how Office handles form-based sign-in prompts | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DTOO142 - Enforce encrypted macros to be scanned in open XML documents must be determined and configured. | DISA STIG Microsoft PowerPoint 2013 v1r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO217 - Publishing to a Web Distributed and Authoring (DAV) server must be prevented. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO241 - Action to demote an EMail Level 1 attachment to Level 2 must be configured. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO272 - Permit download of content from safe zones must be configured. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO274 - Internet with Safe Zones for Picture Download must be disabled. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO293 - Attachments opened from Outlook must be in Protected View. | DISA STIG Microsoft Word 2013 v1r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO304 - Trust access for VBA must be disallowed. | DISA STIG Microsoft Access 2013 v1r7 | Windows | CONFIGURATION MANAGEMENT |
| Protect document metadata for rights managed Office Open XML Files | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
