STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Microsoft Office System 2016 Security Technical Implementation Guide

Version

V2R5

Release Date

Nov 26, 2025

SCAP Benchmark ID

Microsoft_Office_System_2016

Total Checks

21

Tags

other
CAT I: 1CAT II: 20CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (21)

V-238024MEDIUMThe Help Improve Proofing Tools feature for Office must be configured.V-238025MEDIUMTrust Bar notifications for Security messages must be enforced.V-238026MEDIUMRights managed Office Open XML files must be protected.V-238027MEDIUMDocument metadata for password protected files must be protected.V-238028MEDIUMThe encryption type for password protected Open XML files must be set.V-238029MEDIUMThe encryption type for password protected Office 97 thru Office 2003 must be set.V-238030MEDIUMActiveX control initialization must be disabled.V-238031MEDIUMLoad controls in forms3 must be disabled from loading.V-238032MEDIUMAutomation Security to enforce macro level security in Office documents must be configured.V-238033MEDIUMA mix of policy and user locations for Office Products must be disallowed.V-238034MEDIUMSmart Documents use of Manifests in Office must be disallowed.V-238035MEDIUMConnection verification of permissions must be enforced.V-238036MEDIUMInclusion of document properties for PDF and XPS output must be disallowed.V-238037MEDIUMEncrypt document properties must be configured for OLE documents.V-238038MEDIUMOffice Presentation Service must be removed as an option for presenting PowerPoint and Word online.V-238039MEDIUMThe ability to create an online presentation programmatically must be disabled.V-238040MEDIUMWhen using the Office Feedback tool, the ability to include a screenshot must be disabled.V-238041MEDIUMThe ability to run unsecure Office web add-ins and Catalogs must be disabled.V-238042MEDIUMThe Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder.V-238043MEDIUMThe ability to send personal information to Office must be disabled.V-279943HIGHThe version of Office running on the system must be a supported version.