Request for comments - DISA releases draft Microsoft Office365 ProPlus STIG SCAP benchmark snapshot for review

The Defense Information Systems Agency recently released the draft Microsoft Office365 ProPlus Security Technical Implementation Guide (STIG) Security Content Automation Protocol (SCAP) benchmark snapshot for review.

The draft benchmark is a snapshot of SCAP content developed for the technology and does not include the full spectrum of content expected to be included in the final release of the benchmark.

The Microsoft Office 365 ProPlus SCAP Benchmark must be used with the SCAP Compliance Checker (SCC) application to avoid potential false negative results.

Customers who possess a Common Access Card that has valid Department of Defense certificates can submit comments and/or recommended changes to the draft benchmark snapshot by 03 May 2024 on the comment matrix spreadsheet, which is located with the benchmark at

The draft benchmark snapshot and comment matrix are also available on the Cyber Exchange public site at

Please limit comments and recommendations in the comment matrix to those that address the benchmark. Questions regarding the manual STIG should be sent to

Please email comments to and include the title and version of the benchmark in the subject line.

Users who are unable to find and download these files or other content can report their issue to the Cyber Exchange web team at