Checklist Summary:

The Microsoft Office 2016 Security Technical Implementation Guides (STIGs) provide the technical security policies, requirements, and implementation details for applying security concepts to Office 2016 applications. These documents are meant to improve the security of Department of Defense (DoD) information systems. There are multiple STIG packages for Microsoft Office 2016, each contains technology-specific guidelines for the respective package. The Microsoft Office System 2016 STIG must also be applied when any Office 2016 package is installed. The individual packages are: • Microsoft Access 2016 • Microsoft Excel 2016 • Microsoft Office System 2016 • Microsoft OneDrive for Business 2016 • Microsoft OneNote 2016 • Microsoft Outlook 2016 • Microsoft PowerPoint 2016 • Microsoft Project 2016 • Microsoft Publisher 2016 • Microsoft Skype for Business 2016 • Microsoft Visio 2016 • Microsoft Word 2016

Checklist Role:

• Desktop Client
• Office Software

Known Issues:

Not provided.

Target Audience:

Developed for the DOD. This checklist has been created for IT professionals, particularly Windows system administrators and information security personnel. The document assumes that the reader has experience installing and administering applications on Windows-based systems in domain or standalone configurations.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DOD Directive 8500.1

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Updated to FINAL - 02/23/2017
Updated URL to reflect change to the DISA website - http --> https
null
updated benchmark to v1,r2 - 4/25/18
Corrected Title - 5/9/18
corrected resource title - 5/24/18
corrected benchmark - 5/24/18
Update to FINAL - 5/25/18
Added GPOs - 8/6/18
Updated to FINAL - 9/6/2018
Updated benchmark - 10/25/18
Updated to FINAL - 11/26/18
Updated GPO Resource - 11/29/2018
Corrected SHA for GPO file - 12/19/2018
updated GPO file - 2/8/19
Status Updated to FINAL - 3/8/19
Updated URLs - 6/7/19
Removed Unsupported Content Link 8/30/2019
Updated GPO file - 10/31/19
Updated GPO file per DISA - 1/29/2020
Updated GPO file per DISA - 2/3/2020
updated GPO file - 3/6/2020
updated resource title per DISA - 3/12/2020
updated GPO file - 4/27/2020
Updated GPO file per DISA - 7/7/20
Updated GPO file per DISA - 8/5/2020
Updated Benchmark per DISA - 8/11/2020
Updated Title per DISA - 8/19/2020
benchmark removed per DISA - 9/4/2020
updated GPO file - 10/29/2020
Updated GPO - 12/4/2020
Updated GPO per DISA - 1/28/21
Updated GPO per DISA - 3/1/21
Updated GPO per DISA - 5/12/21
Updated resource per DISA - 7/29/21
Group Policy Objects (GPOs) - July 2021
null
Updated GPO per DISA - 8/24/21
updated GPO files - 11/22/2021
updated URLs - 1/26/2022
Updated GPO per DISA - 2/17/22
Updated GPO per DISA - 5/3/22
Updated GPO per DISA - 5/29/22
null
Updated GPO per DISA - 8/1/22
null
updated GPO file - 11/7/2022
updated GPO file - 1/31/2023
Updated GPO per DISA - 5/1/23
Updated GPO per DISA - 7/31/23
Updated GPO per DISA - 8/21/23
Updated GPO per DISA - 11/2/23
Corrected SHA discrepancy - 11/3/2023
updated GPO package - 1/31/24
SHA - 2/7/24
Update Version and Resources - 06/10/2024
Resource Updated - 11/14/2024

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 11/14/2024