| 1.22 Set 'Prevent publishing to Office.com' to 'Enabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | ACCESS CONTROL |
| 2.5.10.11 Ensure 'Internet and network paths into hyperlinks' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.14.1.4 Ensure 'Do not permit download of content from safe zones' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.1.5 Ensure 'Include Internet in Safe Zones for Automatic Picture Download' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.2.1.5 Ensure 'Retrieving CRLs (Certificate Revocation Lists)' is set to 'Enabled: When online always retrieve the CRL' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.5.14.2.4 Ensure 'Message Formats' is set to 'Enabled: S/MIME' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.2.5 Ensure 'Minimum encryption settings' is set to 'Enabled: 256' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.2.6 Ensure 'S/MIME interoperability with external clients:' is set to 'Enabled: Handle internally' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.3.1.3 Ensure 'Do not prompt about Level 1 attachments when closing an item' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.5.14.3.1.5 Ensure 'Remove file extensions blocked as Level 1' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.5.14.6 Ensure 'Disable 'Remember password' for Internet e-mail accounts' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.5.14.7 Ensure 'Do not automatically sign replies' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.9 Ensure 'Prompt user to choose security settings if default settings fail' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.5 Set 'Disable all Trust Bar notifications for security issues' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.2.3 (L1) Enable Conditional Access policies to block legacy authentication | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 5.2.2.3 (L1) Enable Conditional Access policies to block legacy authentication | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 22.9 (L1) Ensure 'ASR: Block all Office applications from creating child processes' is set to 'Audit' or higher | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.9 (L1) Ensure 'ASR: Block all Office applications from creating child processes' is set to 'Audit' or higher | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.13 (L1) Ensure 'ASR: Block execution of potentially obfuscated scripts' is set to 'Audit' or higher | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.13 (L1) Ensure 'ASR: Block execution of potentially obfuscated scripts' is set to 'Audit' or higher | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO425 - Text in Outlook that represents Internet and network paths must not be automatically turned into hyperlinks. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-000005 - Exchange must have Administrator audit logging enabled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | ACCESS CONTROL |
| EX13-MB-000015 - Exchange auto-forwarding email to remote domains must be disabled or restricted. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | ACCESS CONTROL |
| EX13-MB-000040 - Exchange Email Subject Line logging must be disabled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-MB-000075 - Exchange must protect audit data against unauthorized deletion. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-MB-000125 - Exchange Public Folder stores must be retained until backups are complete. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000195 - Exchange Send connectors must be clearly named. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000205 - Exchange Message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000215 - The Exchange global inbound message size must be controlled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000285 - The Exchange application directory must be protected from unauthorized access. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-000310 - The Exchange Email application must not share a partition with another application. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000315 - Exchange must not send delivery reports to remote domains. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000325 - The Exchange SMTP automated banner response must not reveal server details. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000340 - The version of Exchange running on the system must be a supported version. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Restrict legacy JScript execution for Office - excel.exe | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - excel.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - msaccess.exe | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - msaccess.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - msaccess.exe | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - mspub.exe | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - mspub.exe | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - onenote.exe | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - outlook.exe | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - outlook.exe | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - powerpnt.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - visio.exe | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - winproj.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - winproj.exe | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - winword.exe | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
