STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Microsoft Excel 2016 Security Technical Implementation Guide

Version

V2R2

Release Date

Nov 25, 2025

SCAP Benchmark ID

Microsoft_Excel_2016

Total Checks

42

Tags

other
CAT I: 1CAT II: 41CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (42)

V-238155MEDIUMDisabling of user name and password syntax from being used in URLs must be enforced.V-238156MEDIUMOpen/Save actions for Excel 4 macrosheets and add-in files must be blocked.V-238157MEDIUMOpen/Save actions for Excel 4 workbooks must be blocked.V-238158MEDIUMOpen/Save actions for Excel 4 worksheets must be blocked.V-238159MEDIUMActions for Excel 95 workbooks must be configured to edit in Protected View.V-238160MEDIUMActions for Excel 95-97 workbooks and templates must be configured to edit in Protected View.V-238161MEDIUMBlocking as default file block opening behavior must be enforced.V-238162MEDIUMEnabling IE Bind to Object functionality must be present.V-238163MEDIUMOpen/Save actions for Dif and Sylk files must be blocked.V-238164MEDIUMOpen/Save actions for Excel 2 macrosheets and add-in files must be blocked.V-238165MEDIUMOpen/Save actions for Excel 2 worksheets must be blocked.V-238166MEDIUMOpen/Save actions for Excel 3 macrosheets and add-in files must be blocked.V-238167MEDIUMOpen/Save actions for Excel 3 worksheets must be blocked.V-238168MEDIUMSaved from URL mark to assure Internet zone processing must be enforced.V-238169MEDIUMConfiguration for file validation must be enforced.V-238170MEDIUMOpen/Save actions for web pages and Excel 2003 XML spreadsheets must be blocked.V-238171MEDIUMFiles from the Internet zone must be opened in Protected View.V-238172MEDIUMOpen/Save actions for dBase III / IV files must be blocked.V-238173MEDIUMNavigation to URLs embedded in Office products must be blocked.V-238174MEDIUMScripted Window Security must be enforced.V-238175MEDIUMAdd-on Management functionality must be allowed.V-238176MEDIUMAdd-ins to Office applications must be signed by a Trusted Publisher.V-238177MEDIUMLinks that invoke instances of Internet Explorer from within an Office product must be blocked.V-238178MEDIUMTrust Bar Notifications for unsigned application add-ins must be blocked.V-238179MEDIUMFile Downloads must be configured for proper restrictions.V-238180MEDIUMAll automatic loading from trusted locations must be disabled.V-238181MEDIUMDisallowance of trusted locations on the network must be enforced.V-238182MEDIUMThe Save commands default file format must be configured.V-238183MEDIUMThe scanning of encrypted macros in open XML documents must be enforced.V-238184MEDIUMMacro storage must be in personal macro workbooks.V-238185MEDIUMTrust access for VBA must be disallowed.V-238186MEDIUMProtection from zone elevation must be enforced.V-238187MEDIUMActiveX Installs must be configured for proper restriction.V-238188MEDIUMFiles in unsafe locations must be opened in Protected View.V-238189MEDIUMDocument behavior if file validation fails must be set.V-238190MEDIUMExcel attachments opened from Outlook must be in Protected View.V-238191MEDIUMWarning Bar settings for VBA macros must be configured.V-238192MEDIUMWEBSERVICE functions must be disabled.V-238193MEDIUMCorrupt workbook options must be disallowed.V-238194MEDIUMMacros must be blocked from running in Office files from the Internet.V-238195MEDIUMFiles on local Intranet UNC must be opened in Protected View.V-279942HIGHThe version of Excel running on the system must be a supported version.