STIGQter STIGQter: STIG Summary: Microsoft Office System 2013 STIG

Version: 1

Release: 9 Benchmark Date: 25 Oct 2019

SV-52728r4_ruleActiveX control initialization must be disabled.
SV-52745r4_ruleA mix of policy and user locations for Office Products must be disallowed.
SV-52756r4_ruleBlogging entries created from inside Office products must be configured for SharePoint only.
SV-52749r4_ruleOffice must be configured to not allow read with browsers.
SV-52723r4_ruleTrust Bar notifications for Security messages must be enforced.
SV-52754r4_ruleDocument Information panel Beaconing must show UI.
SV-52721r4_ruleThe Customer Experience Improvement Program for Office must be disabled.
SV-52727r5_ruleThe encryption type for password protected Office 97 thru Office 2003 must be set.
SV-52726r5_ruleThe encryption type for password protected Open XML files must be set.
SV-52719r5_ruleThe Help Improve Proofing Tools feature for Office must be configured.
SV-52731r4_ruleHyperlink warnings for Office must be configured for use.
SV-52753r4_ruleInclusion of document properties for PDF and XPS output must be disallowed.
SV-52747r4_ruleThe Internet Fax Feature must be disabled.
SV-52720r5_ruleThe Opt-In Wizard must be disabled.
SV-52744r2_rulePasswords for secured documents must be enforced.
SV-52746r4_ruleSmart Documents use of Manifests in Office must be disallowed.
SV-52755r4_ruleOffice client polling of SharePoint servers published links must be disabled.
SV-52750r4_ruleConnection verification of permissions must be enforced.
SV-52722r4_ruleAutomatic receiving of small updates to improve reliability must be disallowed.
SV-52730r3_ruleAutomation Security to enforce macro level security in Office documents must be configured.
SV-52751r4_ruleLegacy format signatures must be enabled.
SV-52729r4_ruleLoad controls in forms3 must be disabled from loading.
SV-52714r6_ruleDocuments must be configured to not open as Read Write when browsing.
SV-52748r3_ruleChanging permissions on rights managed content for users must be enforced.
SV-52725r4_ruleDocument metadata for password protected files must be protected.
SV-52724r4_ruleRights managed Office Open XML files must be protected.
SV-52715r4_ruleRelying on Vector markup Language (VML) for displaying graphics in browsers must be disallowed.
SV-52752r4_ruleExternal Signature Services Menu for Office must be suppressed.
SV-52758r5_ruleOnline content options must be configured for offline content availability.
SV-52757r4_ruleEncrypt document properties must be configured for OLE documents.
SV-53190r1_ruleOffice automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site.
SV-53191r1_ruleThe Enable Updates and Disable Updates options in the UI must be hidden from users.
SV-53192r4_ruleThe video informing a user about signing into Office365 must be disabled.
SV-53193r4_ruleThe first-run prompt to sign into Office365 must be disabled.
SV-53194r4_ruleThe ability to sign into Office365 must be disabled.
SV-53195r4_ruleThe ability to automatically hyperlink screenshots within Word, PowerPoint, Excel and Outlook must be disabled.
SV-53196r6_ruleThe prompt to save to OneDrive (formerly SkyDrive) must be disabled.
SV-53207r4_ruleOffice Presentation Service must be removed as an option for presenting PowerPoint and Word online.
SV-53211r4_ruleThe ability to create an online presentation programmatically must be disabled.
SV-53212r4_ruleWhen using the Office Feedback tool, the ability to include a screenshot must be disabled.
SV-53213r5_ruleThe Office Feedback tool must be disabled.
SV-53214r5_ruleThe ability to run unsecure Office apps must be disabled.
SV-53215r5_ruleUsers must be prevented from using or inserting apps that come from the Office Store.
SV-53216r5_ruleRoaming settings must be stored locally and not synchronized to the Microsoft Office roaming settings web service.
SV-53217r5_ruleThe ability of the Office Telemetry Agent to periodically upload telemetry data to a shared folder must be disabled.
SV-53218r5_ruleThe Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.
SV-53219r5_ruleThe Office Telemetry Agent and Office applications must be configured to collect telemetry data.