DISA STIG Microsoft Office 365 ProPlus v3r1

Audit Details

Name: DISA STIG Microsoft Office 365 ProPlus v3r1

Updated: 8/28/2024

Authority: DISA STIG

Plugin: Windows

Revision: 1.0

Estimated Item Count: 140

File Details

Filename: DISA_STIG_Microsoft_Office_365_ProPlus_v3r1.audit

Size: 393 kB

MD5: 38977fa312282387bc3b01714458599f
SHA256: e313375f9e0721a7e21b6714f8f26172b5a39c22bfc37ab5bc9bc8c771b744ac

Audit Items

DescriptionCategories
DISA_STIG_Microsoft_Office_365_ProPlus_v3r1.audit from DISA Microsoft Office 365 ProPlus v3r1 STIG
O365-AC-000001 - Macros must be blocked from running in Access files from the Internet.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-AC-000002 - Trust Bar Notifications for unsigned application add-ins in Access must be disabled and blocked.

CONFIGURATION MANAGEMENT

O365-AC-000003 - VBA Macros not digitally signed must be blocked in Access.

CONFIGURATION MANAGEMENT

O365-AC-000004 - Allowing Trusted Locations on the network must be disabled in Access.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000001 - The Macro Runtime Scan Scope must be enabled for all documents.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000002 - Document metadata for rights managed Office Open XML files must be protected.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000003 - The Office client must be prevented from polling the SharePoint Server for published links.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000004 - Custom user interface (UI) code must be blocked from loading in all Office applications.

CONFIGURATION MANAGEMENT

O365-CO-000005 - ActiveX Controls must be initialized in Safe Mode.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000006 - Macros in all Office applications that are opened programmatically by another application must be opened based upon macro security level.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000007 - Trust Bar notifications must be configured to display information in the Message Bar about the content that has been automatically blocked.

CONFIGURATION MANAGEMENT

O365-CO-000008 - Office applications must be configured to specify encryption type in password-protected Office 97-2003 files.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000009 - Office applications must be configured to specify encryption type in password-protected Office Open XML files.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000010 - Users must be prevented from creating new trusted locations in the Trust Center.

ACCESS CONTROL

O365-CO-000012 - Office applications must not load XML expansion packs with Smart Documents.

CONFIGURATION MANAGEMENT

O365-CO-000013 - The load of controls in Forms3 must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs.

IDENTIFICATION AND AUTHENTICATION

O365-CO-000016 - User name and password must be disabled in all Office programs.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000017 - The Information Bar must be enabled in all Office programs.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs.

CONFIGURATION MANAGEMENT

O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs.

IDENTIFICATION AND AUTHENTICATION

O365-CO-000020 - Navigate URL must be enabled in all Office programs.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000021 - Object Caching Protection must be enabled in all Office programs.

IDENTIFICATION AND AUTHENTICATION

O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000024 - File Download Restriction must be enabled in all Office programs.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000025 - The Save from URL feature must be enabled in all Office programs.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-CO-000027 - Flash player activation must be disabled in all Office programs.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000001 - Trusted Locations on the network must be disabled in Excel.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000002 - VBA Macros not digitally signed must be blocked in Excel.

CONFIGURATION MANAGEMENT

O365-EX-000003 - Dynamic Data Exchange (DDE) server launch in Excel must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000004 - Dynamic Data Exchange (DDE) server lookup in Excel must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000005 - Open/save of dBase III / IV format files must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000006 - Open/save of Dif and Sylk format files must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000007 - Open/save of Excel 2 macrosheets and add-in files must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000008 - Open/save of Excel 2 worksheets must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000009 - Open/save of Excel 3 macrosheets and add-in files must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000010 - Open/save of Excel 3 worksheets must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000011 - Open/save of Excel 4 macrosheets and add-in files must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000012 - Open/save of Excel 4 workbooks must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000013 - Open/save of Excel 4 worksheets must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000014 - Open/save of Excel 95 workbooks must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000015 - Open/save of Excel 95-97 workbooks and templates must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000016 - The default file block behavior must be set to not open blocked files in Excel.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000017 - Open/save of Web pages and Excel 2003 XML spreadsheets must be blocked.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000018 - Extraction options must be blocked when opening corrupt Excel workbooks.

SYSTEM AND COMMUNICATIONS PROTECTION

O365-EX-000019 - Updating of links in Excel must be prompted and not automatic.

SYSTEM AND COMMUNICATIONS PROTECTION