UCF STIG Viewer Logo

Microsoft Word 2013 STIG


Overview

Date Finding Count (35)
2016-12-20 CAT I (High): 0 CAT II (Med): 35 CAT III (Low): 0
STIG Description
The Microsoft Word 2013 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-17187 Medium Trust Bar Notifications for unsigned application add-ins must be blocked.
V-17184 Medium Links that invoke instances of Internet Explorer from within an Office product must be blocked.
V-17183 Medium Navigation to URLs embedded in Office products must be blocked.
V-17811 Medium The automatically update links feature must be disabled.
V-17813 Medium A warning before printing that the document contains tracking changes must be provided.
V-26615 Medium Files in unsafe locations must be opened in Protected View.
V-26614 Medium Files from the Internet zone must be opened in Protected View.
V-72829 Medium Macros must be blocked from running in Office 2013 files from the Internet.
V-17521 Medium The Save commands default file format must be configured.
V-17520 Medium Disallowance of trusted locations on the network must be enforced.
V-17522 Medium Trust access for VBA must be disallowed.
V-17173 Medium Disabling of user name and password syntax from being used in URLs must be enforced.
V-26648 Medium Online translation dictionaries must not be used.
V-17174 Medium The Internet Explorer Bind to Object functionality must be enabled.
V-17175 Medium The Saved from URL mark must be selected to enforce Internet zone processing.
V-17545 Medium Warning Bar settings for VBA macros must be configured.
V-26592 Medium Configuration for file validation must be enforced.
V-26657 Medium Word 95 binary documents and templates must be configured to edit in protected view.
V-26656 Medium Word 6.0 binary documents and templates must be configured for block open/save actions.
V-26654 Medium Word 2000 binary documents and templates must be configured to edit in protected view.
V-26653 Medium Word 2 and earlier binary documents and templates must be blocked for open/save.
V-26612 Medium Blocking as default file block opening behavior must be enforced.
V-41147 Medium Word must be configured to warn when opening a document with custom XML markup.
V-26617 Medium Attachments opened from Outlook must be in Protected View.
V-26616 Medium Document behavior if file validation fails must be set.
V-26659 Medium Word XP binary documents and templates must be configured to edit in protected view.
V-26658 Medium Word 97 binary documents and templates must be configured to edit in protected view.
V-26589 Medium Add-ins to Office applications must be signed by a Trusted Publisher.
V-26588 Medium Scripted Window Security must be enforced.
V-17473 Medium Force encrypted macros to be scanned in open XML documents must be determined and configured.
V-17471 Medium All automatic loading from trusted locations must be disabled.
V-26587 Medium File Downloads must be configured for proper restrictions.
V-26586 Medium ActiveX Installs must be configured for proper restriction.
V-26585 Medium Protection from zone elevation must be enforced.
V-26584 Medium Add-on Management functionality must be allowed.