DISA STIG Microsoft Office System 2016 v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Microsoft Office System 2016 v1r1

Updated: 10/5/2021

Authority: DISA STIG

Plugin: Windows

Revision: 1.11

Estimated Item Count: 21

Audit Items

Description	Categories
DISA_STIG_Microsoft_Office_System_2016_v1r1.audit for Microsoft Office System 2016, from DISA STIG Microsoft Office System 2016 v1r1
DTOO182 - The Help Improve Proofing Tools feature for Office must be configured	CONFIGURATION MANAGEMENT
DTOO186 - Trust Bar notifications for Security messages must be enforced	SYSTEM AND INFORMATION INTEGRITY
DTOO187 - Rights managed Office Open XML files must be protected	SYSTEM AND COMMUNICATIONS PROTECTION
DTOO188 - Document metadata for password protected files must be protected	SYSTEM AND COMMUNICATIONS PROTECTION
DTOO189 - The encryption type for password protected Open XML files must be set.	SYSTEM AND COMMUNICATIONS PROTECTION
DTOO190 - The encryption type for password protected Office 97 thru Office 2003 must be set	SYSTEM AND COMMUNICATIONS PROTECTION
DTOO191 - ActiveX control initialization must be disabled	CONFIGURATION MANAGEMENT
DTOO192 - Load controls in forms3 must be disabled from loading	CONFIGURATION MANAGEMENT
DTOO193 - Automation Security to enforce macro level security in Office documents must be configured	CONFIGURATION MANAGEMENT
DTOO196 - A mix of policy and user locations for Office Products must be disallowed	CONFIGURATION MANAGEMENT
DTOO197 - Smart Documents use of Manifests in Office must be disallowed	SYSTEM AND COMMUNICATIONS PROTECTION
DTOO201 - Connection verification of permissions must be enforced	CONFIGURATION MANAGEMENT
DTOO206 - Inclusion of document properties for PDF and XPS output must be disallowed	CONFIGURATION MANAGEMENT
DTOO321 - Encrypt document properties must be configured for OLE documents	SYSTEM AND COMMUNICATIONS PROTECTION
DTOO408 - Office Presentation Service must be removed as an option for presenting PowerPoint and Word online	ACCESS CONTROL
DTOO409 - The ability to create an online presentation programmatically must be disable	SYSTEM AND INFORMATION INTEGRITY
DTOO410 - When using the Office Feedback tool, the ability to include a screenshot must be disabled	CONFIGURATION MANAGEMENT
DTOO412 - The ability to run unsecure Office web add-ins and Catalogs must be disabled	SYSTEM AND COMMUNICATIONS PROTECTION
DTOO416 - The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents	CONFIGURATION MANAGEMENT
DTOO601 - The ability to send personal information to Office must be disabled	CONFIGURATION MANAGEMENT

Detections

Analytics

DISA STIG Microsoft Office System 2016 v1r1

Warning! Audit Deprecated

Audit Details

Audit Items