UCF STIG Viewer Logo

Microsoft OneDrive Security Technical Implementation Guide


Overview

Date Finding Count (12)
2023-06-05 CAT I (High): 0 CAT II (Med): 12 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-230564 Medium The use of personal accounts for OneDrive synchronization must be disabled.
V-230562 Medium OneDrive must only allow synchronizing of accounts for DoD organization instances.
V-215529 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-215538 Medium ActiveX Installs must be configured for proper restriction.
V-215533 Medium Scripted Window Security must be enforced.
V-215532 Medium Navigation to URLs embedded in Office products must be blocked.
V-215531 Medium Saved from URL mark to assure Internet zone processing must be enforced.
V-215530 Medium Enabling IE Bind to Object functionality must be present.
V-215537 Medium Protection from zone elevation must be enforced.
V-215536 Medium File Downloads must be configured for proper restrictions.
V-215535 Medium Links that invoke instances of Internet Explorer from within an Office product must be blocked.
V-215534 Medium Add-on Management functionality must be allowed.