U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Desktop Applications General STIG Ver 4, Rel 5 Checklist Details (Checklist Revisions)

Supporting Resources:


Target CPE Name
Mcafee VirusScan 7.0 cpe:/a:mcafee:virusscan:7.0 (View CVEs)
Microsoft Frontpage 2002 cpe:/a:microsoft:frontpage:2002 (View CVEs)
Microsoft Frontpage 2003 cpe:/a:microsoft:frontpage:2003 (View CVEs)
Microsoft Internet Explorer cpe:/a:microsoft:ie (View CVEs)
Microsoft Office 2000 cpe:/a:microsoft:office:2000 (View CVEs)
Microsoft Office 2003 cpe:/a:microsoft:office:2003 (View CVEs)
Microsoft Office 2007 cpe:/a:microsoft:office:2007 (View CVEs)
Microsoft Office 2007 SP1 cpe:/a:microsoft:office:2007:sp1 (View CVEs)
Microsoft Office XP cpe:/a:microsoft:office:xp (View CVEs)
Microsoft Outlook 2000 cpe:/a:microsoft:outlook:2000 (View CVEs)
Microsoft Outlook 2002 cpe:/a:microsoft:outlook:2002 (View CVEs)
Microsoft Outlook 2007 cpe:/a:microsoft:outlook:2007 (View CVEs)
Microsoft Word 2007 cpe:/a:microsoft:word:2007 (View CVEs)
Netscape Navigator cpe:/a:netscape:navigator (View CVEs)
Symantec Norton Antivirus 10.0 cpe:/a:symantec:norton_antivirus:10.0 (View CVEs)
Symantec Norton Antivirus 9.0 cpe:/a:symantec:norton_antivirus:9.0 (View CVEs)

Checklist Highlights

Checklist Name:
Desktop Applications General STIG
Checklist ID:
Ver 4, Rel 5
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

This Desktop Application Security Checklist provides the procedures for conducting a Security Readiness Review (SRR) to determine compliance with the requirements in the Desktop Application Security Technical Implementation Guide (STIG). This Checklist document must be used together with the corresponding version of the STIG document. This SRR guide focuses strictly on Symantec Antivirus Corporate Edition v9.x and v10.x, McAfee VirusScan v7.x and v8.x, Netscape Navigator, Internet Explorer, Outlook 2000, XP, 2003 and MS Office 2000, XP, 2003. Additionally, this checklist ensures the site has properly installed and implemented specific desktop applications and that it is being managed in a way that is secure, efficient, and effective, through procedures outlined in the checklist. The items reviewed are based on standards and requirements published by DISA in the Security Handbook and the Database Security Technical Implementation Guide. The procedures in this document are part of the effort to ensure that the security configuration guidelines required by Department of Defense (DOD) Directive 8500.1, Information Assurance, and other relevant guidance have been properly implemented.

Checklist Role:

  • Desktop Client

Known Issues:

- The user account from which Desktop Application Gold Disk is run must have Administrator privileges and have the User Right: Manage Auditing and Security Log. - Only the configuration checks that are included in the Desktop Application Gold Disk (Internet Explorer and Microsoft Office) will be evaluated as part of the formal review process. The IAVMs and security patches included on the Desktop Gold Disk are not evaluated as part of the Desktop Application review because they are already covered in either the appropriate Windows Operating System Gold Disk or the appropriate Post Gold Disk Scripts. These will remain in the Desktop Application Gold Disk for the SAs use.

Target Audience:

Developped for the DOD. This checklist has been created for IT professionals, particularly Windows system administrators and information security personnel. The document assumes that the reader has experience installing and administering applications on Windows-based systems in domain or standalone configurations.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DOD Directive 8500.


Please refer to the Checklist or the README.TXT files provided with the scripts for any comments, warnings, or detailed instructions


Not provided.

Product Support:

It should be noted that FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers.

Point of Contact:



Not provided.


Not provided.

Change History:

Version 4, Release 3 26-October-2012
Version 4, Release 2 27-April-2012
Version 4, Release 1 03-December-2009
Version 4, Release 4 30-October-2014
Updated point of contact field
Updated Resource Title - 15 January 2015
Changed Status from "Under Review" to "Final" - 18 February 2015
Updated URL to reflect change to the DISA website - http --> https
moved to archive status - 4/15/19
Updated URLs - 6/24/19
updated URLs - 9/11/19


URL Description
https://dl.dod.cyber.mil/wp-content/uploads/stigs/pdf/unclassified_windows_desktop_apps_stig_v4r1_memo.pdf Sunset - Desktop Applications Memo


Reference URL Description

NIST checklist record last modified on 09/11/2019