STIGQter STIGQter: STIG Summary:

Microsoft Office System 2013 Security Technical Implementation Guide

Version: 2

Release: 1 Benchmark Date: 23 Oct 2020

SV-228516r508020_ruleOffice client polling of SharePoint servers published links must be disabled.
SV-228517r508020_ruleThe Help Improve Proofing Tools feature for Office must be configured.
SV-228518r508020_ruleA mix of policy and user locations for Office Products must be disallowed.
SV-228519r508020_ruleSmart Documents use of Manifests in Office must be disallowed.
SV-228520r508020_ruleLegacy format signatures must be enabled.
SV-228521r508020_ruleExternal Signature Services Menu for Office must be suppressed.
SV-228522r508020_ruleInclusion of document properties for PDF and XPS output must be disallowed.
SV-228523r508020_ruleBlogging entries created from inside Office products must be configured for SharePoint only.
SV-228524r508020_ruleThe Enable Updates and Disable Updates options in the UI must be hidden from users.
SV-228525r508020_ruleWhen using the Office Feedback tool, the ability to include a screenshot must be disabled.
SV-228526r508020_ruleThe ability to run unsecure Office apps must be disabled.
SV-228527r508020_ruleThe Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.
SV-228528r508020_ruleThe Opt-In Wizard must be disabled.
SV-228529r508020_ruleThe Customer Experience Improvement Program for Office must be disabled.
SV-228530r508020_ruleAutomatic receiving of small updates to improve reliability must be disallowed.
SV-228531r508020_ruleThe Internet Fax Feature must be disabled.
SV-228532r508020_ruleOnline content options must be configured for offline content availability.
SV-228533r508020_ruleThe video informing a user about signing into Office365 must be disabled.
SV-228534r508020_ruleThe first-run prompt to sign into Office365 must be disabled.
SV-228535r508020_ruleThe ability to sign into Office365 must be disabled.
SV-228536r508020_ruleThe ability to automatically hyperlink screenshots within Word, PowerPoint, Excel and Outlook must be disabled.
SV-228537r508020_ruleThe prompt to save to OneDrive (formerly SkyDrive) must be disabled.
SV-228538r508020_ruleOffice Presentation Service must be removed as an option for presenting PowerPoint and Word online.
SV-228539r508020_ruleThe Office Feedback tool must be disabled.
SV-228540r508020_ruleRoaming settings must be stored locally and not synchronized to the Microsoft Office roaming settings web service.
SV-228541r508020_ruleThe ability of the Office Telemetry Agent to periodically upload telemetry data to a shared folder must be disabled.
SV-228542r508020_ruleThe Office Telemetry Agent and Office applications must be configured to collect telemetry data.
SV-228543r508020_ruleDocuments must be configured to not open as Read Write when browsing.
SV-228544r508020_ruleRelying on Vector markup Language (VML) for displaying graphics in browsers must be disallowed.
SV-228545r557514_ruleAutomation Security to enforce macro level security in Office documents must be configured.
SV-228546r508020_ruleThe ability to create an online presentation programmatically must be disabled.
SV-228547r508020_ruleDocument metadata for password protected files must be protected.
SV-228548r508020_ruleThe encryption type for password protected Open XML files must be set.
SV-228549r508020_ruleThe encryption type for password protected Office 97 thru Office 2003 must be set.
SV-228550r508020_rulePasswords for secured documents must be enforced.
SV-228551r508020_ruleTrust Bar notifications for Security messages must be enforced.
SV-228552r508020_ruleLoad controls in forms3 must be disabled from loading.
SV-228553r508020_ruleUsers must be prevented from using or inserting apps that come from the Office Store.
SV-228554r557517_ruleChanging permissions on rights managed content for users must be enforced.
SV-228555r508020_ruleOffice must be configured to not allow read with browsers.
SV-228556r508020_ruleConnection verification of permissions must be enforced.
SV-228557r508020_ruleActiveX control initialization must be disabled.
SV-228558r508020_ruleHyperlink warnings for Office must be configured for use.
SV-228559r508020_ruleDocument Information panel Beaconing must show UI.
SV-228560r508020_ruleRights managed Office Open XML files must be protected.
SV-228561r508020_ruleEncrypt document properties must be configured for OLE documents.
SV-228562r508020_ruleOffice automatic updates must be enabled for Office products installed via Click-to-Run and configured to use a Trusted site.