STIGQter STIGQter: STIG Summary: Microsoft Internet Explorer 11 Security Technical Implementation Guide Version: 1 Release: 19 Benchmark Date: 24 Jul 2020:

Turn off Encryption Support must be enabled.

DISA Rule

SV-59337r8_rule

Vulnerability Number

V-46473

Group Title

DTBI014-IE11-TLS setting

Rule Version

DTBI014-IE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Advanced Page >> "Turn off Encryption Support" to "Enabled".

Select only "Use TLS 1.1" and "Use TLS 1.2" from the drop-down box.

Check Contents

The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Advanced Page >> "Turn off Encryption Support" must be "Enabled".

Verify the only options selected are "Use TLS 1.1" and "Use TLS 1.2" from the drop-down box.

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols.

Criteria: If the value for "SecureProtocols" is not REG_DWORD = "2560", this is a finding.

Vulnerability Number

V-46473

Documentable

False

Rule Version

DTBI014-IE11

Severity Override Guidance

The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Advanced Page >> "Turn off Encryption Support" must be "Enabled".

Verify the only options selected are "Use TLS 1.1" and "Use TLS 1.2" from the drop-down box.

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols.

Criteria: If the value for "SecureProtocols" is not REG_DWORD = "2560", this is a finding.

Check Content Reference

M

Target Key

2589

Comments