DISA STIGS Viewer

Office applications must be configured to specify encryption type in password-protected Office Open XML files.

Overview

Finding ID: V-223292
Version: O365-CO-000009
Rule ID: SV-223292r961128_rule
IA Controls:
Severity: Medium

Description

STIG: Microsoft Office 365 ProPlus Security Technical Implementation Guide
Date: 2025-03-05

Details

Check Text (C-24965r442095_chk)
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Security Settings >> Encryption type for password protected Office Open XML files is set to Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256.

Use the Windows Registry Editor to navigate to the following key:

HKCU\software\policies\microsoft\office\16.0\common\security

If the value OpenXMLEncryption is REG_SZ = "Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256", this is not a finding.
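
The registry check above written as a PowerShell function. This is an added example, not part of the STIG content; the function name and the fields of the returned object are assumptions of this example. Because the policy lives under HKCU, it evaluates only the hive of the user who runs it.

```powershell
# Added example: audit V-223292 for the current user.
# Key, value name and expected string are taken from the check text above.
$KeyPath  = 'HKCU:\software\policies\microsoft\office\16.0\common\security'
$Name     = 'OpenXMLEncryption'
$Expected = 'Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256'

function Test-OpenXmlEncryptionPolicy {   # hypothetical helper name
    param([string]$Path = $KeyPath)

    $r = [ordered]@{ Finding = $true; Reason = ''; Kind = $null; Actual = $null }

    # A missing policy key means the setting was never configured.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) {
        $r.Reason = "Policy key not present: $Path"
        return [pscustomobject]$r
    }

    # Registry value names are case-insensitive, as is -notcontains.
    if ($key.GetValueNames() -notcontains $Name) {
        $r.Reason = "Value $Name is not set"
        return [pscustomobject]$r
    }

    $r.Kind   = $key.GetValueKind($Name)
    $r.Actual = $key.GetValue($Name, $null, 'DoNotExpandEnvironmentNames')

    # The check text requires REG_SZ; any other type is reported as a finding.
    if ($r.Kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
        $r.Reason = "Value type is $($r.Kind), expected REG_SZ"
    }
    # Strict, case-sensitive match against the string in the check text
    # (assumption of this example: no normalisation of case or spacing).
    elseif ([string]$r.Actual -cne $Expected) {
        $r.Reason = 'Value does not match the required provider,algorithm,key length'
    }
    else {
        $r.Finding = $false
        $r.Reason  = 'Not a finding'
    }
    return [pscustomobject]$r
}

Test-OpenXmlEncryptionPolicy | Format-List
```
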
Fix Text (F-24953r442096_fix)
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Security Settings >> Encryption type for password protected Office Open XML files to Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256.