STIGQter STIGQter: STIG Summary: Microsoft Edge Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 14 Jan 2021:

The default search provider must be set to use an encrypted connection.

DISA Rule

SV-235726r626523_rule

Vulnerability Number

V-235726

Group Title

SRG-APP-000141

Rule Version

EDGE-00-000009

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Manage Search Engines".

Check Contents

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Manage Search Engines" must be configured.

Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge\Recommended

Example REG_SZ value text:
[{"allow_search_engine_discovery": false},{"is_default": true,"name": "Microsoft Bing","keyword": "bing","search_url": "https://www.bing.com/search?q={searchTerms}"},{"name": "Google","keyword": "google","search_url": "https://www.google.com/search?q={searchTerms}"}]

If any of the search URLs in the list do not begin with "https", this is a finding.

Vulnerability Number

V-235726

Documentable

False

Rule Version

EDGE-00-000009

Severity Override Guidance

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Manage Search Engines" must be configured.

Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge\Recommended

Example REG_SZ value text:
[{"allow_search_engine_discovery": false},{"is_default": true,"name": "Microsoft Bing","keyword": "bing","search_url": "https://www.bing.com/search?q={searchTerms}"},{"name": "Google","keyword": "google","search_url": "https://www.google.com/search?q={searchTerms}"}]

If any of the search URLs in the list do not begin with "https", this is a finding.

Check Content Reference

M

Target Key

5280

Comments