| 1.1.3.2.2 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to Enabled | CIS Microsoft Office Access 2013 v1.0.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.1.3.2.2 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to Enabled | CIS Microsoft Office Access 2016 v1.0.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.1.13 Ensure 'Navigate URL' is set to Enabled - exprwd.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.13 Ensure 'Navigate URL' is set to Enabled - groove.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.13 Ensure 'Navigate URL' is set to Enabled - msaccess.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.13 Ensure 'Navigate URL' is set to Enabled - mse7.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.13 Ensure 'Navigate URL' is set to Enabled - onent.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.13 Ensure 'Navigate URL' is set to Enabled - outlook.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.13 Ensure 'Navigate URL' is set to Enabled - powerpnt.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.13 Ensure 'Navigate URL' is set to Enabled - pptview.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.4.1.2 Ensure 'Ask to update automatic links' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure 'Allow log on locally' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.9 Ensure 'Allow log on locally' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.26 Ensure 'Deny log on as a batch job' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.30 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.25.1.3 Ensure 'Disable Opt-in Wizard on first run' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.27.18 Ensure 'Protect document metadata for rights managed Office Open XML Files' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.34.2.1 Ensure 'Online Content Options' is set to Enabled (Allow Office to connect to the internet) | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.8 Set 'Enable OOF messages to remote domains' to 'None' | CIS Microsoft Exchange Server 2016 Hub v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB6E-AE6D-11CF-96B8-444553540000 - office 16.0 - 32-bit | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB6E-AE6D-11CF-96B8-444553540000 - office 16.0 - 64-bit | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB70-AE6D-11CF-96B8-444553540000 - office 16.0 - 32-bit | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB70-AE6D-11CF-96B8-444553540000 - office 16.0 - 64-bit | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO188 - Document metadata for password protected files must be protected. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO191 - ActiveX control initialization must be disabled. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO212 - Blogging entries created from inside Office products must be configured for SharePoint only. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | CONFIGURATION MANAGEMENT |
| O365-AC-000001 - Macros must be blocked from running in Access files from the Internet. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-CO-000012 - Office applications must not load XML expansion packs with Smart Documents. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | CONFIGURATION MANAGEMENT |
| O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | CONFIGURATION MANAGEMENT |
| O365-CO-000024 - File Download Restriction must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-CO-000025 - The Save from URL feature must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-EX-000009 - Open/save of Excel 3 macrosheets and add-in files must be blocked. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-EX-000010 - Open/save of Excel 3 worksheets must be blocked. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-EX-000013 - Open/save of Excel 4 worksheets must be blocked. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-EX-000026 - WEBSERVICE Function Notification in Excel must be configured to disable all, with notifications. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-EX-000028 - Trust Bar notification must be enabled for unsigned application add-ins in Excel and blocked. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | CONFIGURATION MANAGEMENT |
| O365-EX-000029 - Untrusted Microsoft Query files must be blocked from opening in Excel. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-EX-000030 - Untrusted database files must be opened in Excel in Protected View mode. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-OU-000002 - Outlook must use remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| O365-OU-000005 - Files dragged from an Outlook e-mail to the file system must be created in ANSI format. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | CONFIGURATION MANAGEMENT |
| O365-OU-000008 - Outlook must be configured to prevent users overriding attachment security settings. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | ACCESS CONTROL |
| O365-OU-000011 - The minimum encryption key length in Outlook must be at least 168. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-OU-000015 - The ability to demote attachments from Level 2 to Level 1 must be disabled. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-OU-000023 - When an untrusted program attempts to use the Save As command to programmatically save an item, Outlook must automatically deny it. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-PR-000002 - Project must automatically disable unsigned add-ins without informing users. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | CONFIGURATION MANAGEMENT |
| O365-VI-000002 - Trusted Locations on the network must be disabled in Visio. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-WD-000002 - In Word, encrypted macros must be scanned. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-WD-000009 - Open/Save of Word 2000 binary documents and templates must be blocked. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-WD-000014 - Open/Save of Word 97 binary documents and templates must be blocked. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-WD-000019 - File validation in Word must be enabled. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
