Skip to main content
CUI

Scan: _Reviewed/MONT-WS-92040/Checklist/MONT-WS-92040_MSOffice365_V3R3_20251023-142330.ckl

Back to USNS MONTFORD POINT Scans

Scan Information

Hull Number
T-ESD-1
Scan Date
2026-01-14
Source File
MONT-WS-92040 MSOffice365 20251023-142330
Source Tool
Evaluate-STIG
Imported
2026-01-14 17:57
Hostname (from CKL asset — override if blank or incorrect)
Upgrade History Export CSV Export Excel
STIG Benchmark

Microsoft Office 365 ProPlus Security Technical Implementation Guide

Version

V3R5

Score

73.2%

Total

138

Open

37

OCA Technology Area

Assign this checklist to an OCA assessment area for scoring

Hostname
MONT-WS-92040
STIG Benchmark
Microsoft Office 365 ProPlus Security Technical Implementation Guide
Current Area: Windows OS
View all findings in Windows OS area →

STIG Rule Mapping

138
Mapped to STIG
0
Unmapped
138
Total Findings
All findings mapped to STIG rules.

Checklist Scoring

Severity Not a Finding Not Applicable Open Not Reviewed Total
CAT I 1 0 0 0 1
CAT II 82 18 37 0 137
CAT III 0 0 0 0 0
Total 83 18 37 0 138
Filter:

Vuln IDs (138)

V-223280 Macros must be blocked from running in Access file...
V-223281 Trust Bar Notifications for unsigned application a...
V-223282 VBA macros not digitally signed must be blocked in...
V-223284 The Macro Runtime Scan Scope must be enabled for a...
V-223285 Document metadata for rights managed Office Open X...
V-223286 The Office client must be prevented from polling t...
V-223287 Custom user interface (UI) code must be blocked fr...
V-223288 ActiveX Controls must be initialized in Safe Mode.
V-223289 Macros in all Office applications that are opened ...
V-223290 Trust Bar notifications must be configured to disp...
V-223291 Office applications must be configured to specify ...
V-223292 Office applications must be configured to specify ...
V-223293 Users must be prevented from creating new trusted ...
V-223294 Office applications must not load XML expansion pa...
V-223295 The load of controls in Forms3 must be blocked.
V-223296 Add-on Management must be enabled for all Office 3...
V-223297 Consistent MIME handling must be enabled for all O...
V-223298 User name and password must be disabled in all Off...
V-223299 The Information Bar must be enabled in all Office ...
V-223300 The Local Machine Zone Lockdown Security must be e...
V-223301 The MIME Sniffing safety feature must be enabled i...
V-223302 Navigate URL must be enabled in all Office program...
V-223303 Object Caching Protection must be enabled in all O...
V-223304 Protection from zone elevation must be enabled in ...
V-223305 ActiveX installation restriction must be enabled i...
V-223306 File Download Restriction must be enabled in all O...
V-223307 The Save from URL feature must be enabled in all O...
V-223308 Scripted Windows Security restrictions must be ena...
V-223309 Flash player activation must be disabled in all Of...
V-223310 Trusted Locations on the network must be disabled ...
V-223311 VBA Macros not digitally signed must be blocked in...
V-223312 Dynamic Data Exchange (DDE) server launch in Excel...
V-223313 Dynamic Data Exchange (DDE) server lookup in Excel...
V-223314 Open/save of dBase III / IV format files must be b...
V-223315 Open/save of Dif and Sylk format files must be blo...
V-223316 Open/save of Excel 2 macrosheets and add-in files ...
V-223317 Open/save of Excel 2 worksheets must be blocked.
V-223318 Open/save of Excel 3 macrosheets and add-in files ...
V-223319 Open/save of Excel 3 worksheets must be blocked.
V-223320 Open/save of Excel 4 macrosheets and add-in files ...
V-223321 Open/save of Excel 4 workbooks must be blocked.
V-223322 Open/save of Excel 4 worksheets must be blocked.
V-223323 Open/save of Excel 95 workbooks must be blocked.
V-223324 Open/save of Excel 95-97 workbooks and templates m...
V-223325 The default file block behavior must be set to not...
V-223326 Open/save of Web pages and Excel 2003 XML spreadsh...
V-223327 Extraction options must be blocked when opening co...
V-223328 Updating of links in Excel must be prompted and no...
V-223329 Loading of pictures from Web pages not created in ...
V-223330 AutoRepublish in Excel must be disabled.
V-223331 AutoRepublish warning alert in Excel must be enabl...
V-223332 File extensions must be enabled to match file type...
V-223333 Scan of encrypted macros in Excel Open XML workboo...
V-223334 File validation in Excel must be enabled.
V-223335 WEBSERVICE Function Notification in Excel must be ...
V-223336 Macros must be blocked from running in Excel files...
V-223337 Trust Bar notification must be enabled for unsigne...
V-223338 Untrusted Microsoft Query files must be blocked fr...
V-223339 Untrusted database files must be opened in Excel i...
V-223340 Files from Internet zone must be opened in Excel i...
V-223341 Files from unsafe locations must be opened in Exce...
V-223342 Files failing file validation must be opened in Ex...
V-223343 File attachments from Outlook must be opened in Ex...
V-223344 The SIP security mode in Lync must be enabled.
V-223345 The HTTP fallback for SIP connection in Lync must ...
V-223346 The Exchange client authentication with Exchange s...
V-223347 Outlook must use remote procedure call (RPC) encry...
V-223348 Scripts associated with public folders must be pre...
V-223349 Scripts associated with shared folders must be pre...
V-223350 Files dragged from an Outlook e-mail to the file s...
V-223351 The junk email protection level must be set to No ...
V-223352 Active X One-Off forms must only be enabled to loa...
V-223353 Outlook must be configured to prevent users overri...
V-223354 Internet must not be included in Safe Zone for pic...
V-223355 The Publish to Global Address List (GAL) button mu...
V-223356 The minimum encryption key length in Outlook must ...
V-223357 The warning about invalid digital signatures must ...
V-223358 Outlook must be configured to allow retrieving of ...
V-223359 The Outlook Security Mode must be enabled to alway...
V-223360 The ability to demote attachments from Level 2 to ...
V-223361 The display of Level 1 attachments must be disable...
V-223362 Level 1 file attachments must be blocked from bein...
V-223363 Level 2 file attachments must be blocked from bein...
V-223364 Outlook must be configured to not run scripts in f...
V-223365 When a custom action is executed that uses the Out...
V-223366 When an untrusted program attempts to programmatic...
V-223367 When a user designs a custom form in Outlook and a...
V-223368 When an untrusted program attempts to use the Save...
V-223369 When an untrusted program attempts to gain access ...
V-223370 When an untrusted program attempts to programmatic...
V-223371 When an untrusted program attempts to send e-mail ...
V-223372 Outlook must be configured to not allow hyperlinks...
V-223373 The Security Level for macros in Outlook must be c...
V-223374 Trusted Locations on the network must be disabled ...
V-223375 Project must automatically disable unsigned add-in...
V-223376 VBA Macros not digitally signed must be blocked in...
V-223377 VBA Macros not digitally signed must be blocked in...
V-223378 The ability to run programs from PowerPoint must b...
V-223379 Open/Save of PowerPoint 97-2003 presentations, sho...
V-223380 The default file block behavior must be set to not...
V-223381 Encrypted macros in PowerPoint Open XML presentati...
V-223382 File validation in PowerPoint must be enabled.
V-223383 Macros from the Internet must be blocked from runn...
V-223384 Unsigned add-ins in PowerPoint must be blocked wit...
V-223385 Files downloaded from the Internet must be opened ...
V-223386 PowerPoint attachments opened from Outlook must be...
V-223387 Files in unsafe locations must be opened in Protec...
V-223388 If file validation fails, files must be opened in ...
V-223389 The use of network locations must be ignored in Po...
V-223390 Publisher must be configured to prompt the user wh...
V-223391 Publisher must automatically disable unsigned add-...
V-223392 Publisher must disable all unsigned VBA macros.
V-223393 VBA Macros not digitally signed must be blocked in...
V-223394 Trusted Locations on the network must be disabled ...
V-223395 Visio must automatically disable unsigned add-ins ...
V-223396 Visio 2000-2002 Binary Drawings, Templates and Ste...
V-223397 Visio 2003-2010 Binary Drawings, Templates and Ste...
V-223398 Visio 5.0 or earlier Binary Drawings, Templates an...
V-223399 Macros must be blocked from running in Visio files...
V-223400 Word must automatically disable unsigned add-ins w...
V-223401 In Word, encrypted macros must be scanned.
V-223402 Files downloaded from the Internet must be opened ...
V-223403 Files located in unsafe locations must be opened i...
V-223404 If file validation fails, files must be opened in ...
V-223405 Word attachments opened from Outlook must be in Pr...
V-223406 The default file block behavior must be set to not...
V-223407 Open/Save of Word 2 and earlier binary documents a...
V-223408 Open/Save of Word 2000 binary documents and templa...
V-223409 Open/Save of Word 2003 binary documents and templa...
V-223410 Open/Save of Word 2007 and later binary documents ...
V-223411 Open/Save of Word 6.0 binary documents and templat...
V-223412 Open/Save of Word 95 binary documents and template...
V-223413 Open/Save of Word 97 binary documents and template...
V-223414 Open/Save of Word XP binary documents and template...
V-223415 In Word, macros must be blocked from running, even...
V-223416 Trusted Locations on the network must be disabled ...
V-223417 VBA Macros not digitally signed must be blocked in...
V-223418 File validation in Word must be enabled.

Vulnerability Details

Click a Vuln ID on the left to view details.

Status & Comments

Select a finding to edit.

← Back to USNS MONTFORD POINT Scans
CUI