STIGQter STIGQter: STIG Summary: Microsoft Internet Explorer 11 Security Technical Implementation Guide

Version: 1

Release: 18 Benchmark Date: 25 Oct 2019

CheckedNameTitle
SV-59337r8_ruleTurn off Encryption Support must be enabled.
SV-59339r1_ruleThe Internet Explorer warning about certificate address mismatch must be enforced.
SV-59341r4_ruleCheck for publishers certificate revocation must be enforced.
SV-59345r1_ruleThe Download signed ActiveX controls property must be disallowed (Internet zone).
SV-59347r1_ruleThe Download unsigned ActiveX controls property must be disallowed (Internet zone).
SV-59365r1_ruleThe Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
SV-59371r1_ruleThe Java permissions must be disallowed (Internet zone).
SV-59373r1_ruleAccessing data sources across domains must be disallowed (Internet zone).
SV-59375r1_ruleFunctionality to drag and drop or copy and paste files must be disallowed (Internet zone).
SV-59377r1_ruleLaunching programs and files in IFRAME must be disallowed (Internet zone).
SV-59379r1_ruleNavigating windows and frames across different domains must be disallowed (Internet zone).
SV-59381r1_ruleUserdata persistence must be disallowed (Internet zone).
SV-59385r1_ruleClipboard operations via script must be disallowed (Internet zone).
SV-59387r1_ruleLogon options must be configured to prompt (Internet zone).
SV-59389r1_ruleJava permissions must be configured with High Safety (Intranet zone).
SV-59407r1_ruleJava permissions must be configured with High Safety (Trusted Sites zone).
SV-59409r1_ruleDragging of content from different domains within a window must be disallowed (Internet zone).
SV-59411r1_ruleDragging of content from different domains across windows must be disallowed (Restricted Sites zone).
SV-59413r1_ruleInternet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
SV-59417r1_ruleInternet Explorer Processes Restrict ActiveX Install must be enforced (iexplore).
SV-59419r1_ruleDragging of content from different domains within a window must be disallowed (Restricted Sites zone).
SV-59437r1_ruleThe Download signed ActiveX controls property must be disallowed (Restricted Sites zone).
SV-59439r1_ruleThe Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).
SV-59441r1_ruleThe Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).
SV-59443r1_ruleActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
SV-59445r1_ruleActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
SV-59447r1_ruleFile downloads must be disallowed (Restricted Sites zone).
SV-59451r1_ruleJava permissions must be disallowed (Restricted Sites zone).
SV-59453r1_ruleAccessing data sources across domains must be disallowed (Restricted Sites zone).
SV-59455r1_ruleThe Allow META REFRESH property must be disallowed (Restricted Sites zone).
SV-59457r1_ruleFunctionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
SV-59461r1_ruleLaunching programs and files in IFRAME must be disallowed (Restricted Sites zone).
SV-59463r1_ruleNavigating windows and frames across different domains must be disallowed (Restricted Sites zone).
SV-59465r1_ruleUserdata persistence must be disallowed (Restricted Sites zone).
SV-59467r1_ruleActive scripting must be disallowed (Restricted Sites Zone).
SV-59469r1_ruleClipboard operations via script must be disallowed (Restricted Sites zone).
SV-59471r1_ruleLogon options must be configured and enforced (Restricted Sites zone).
SV-59473r1_ruleConfiguring History setting must be set to 40 days.
SV-59479r1_ruleInternet Explorer must be set to disallow users to add/delete sites.
SV-59481r1_ruleInternet Explorer must be configured to disallow users to change policies.
SV-59483r1_ruleInternet Explorer must be configured to use machine settings.
SV-59485r1_ruleSecurity checking features must be enforced.
SV-59489r2_ruleSoftware must be disallowed to run or install with invalid signatures.
SV-59493r2_ruleChecking for server certificate revocation must be enforced.
SV-59497r1_ruleChecking for signatures on downloaded programs must be enforced.
SV-59499r1_ruleAll network paths (UNCs) for Intranet sites must be disallowed.
SV-59501r1_ruleScript-initiated windows without size or position constraints must be disallowed (Internet zone).
SV-59503r1_ruleScript-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
SV-59505r1_ruleScriptlets must be disallowed (Internet zone).
SV-59507r1_ruleAutomatic prompting for file downloads must be disallowed (Internet zone).
SV-59509r1_ruleJava permissions must be disallowed (Local Machine zone).
SV-59511r1_ruleJava permissions must be disallowed (Locked Down Local Machine zone).
SV-59513r1_ruleJava permissions must be disallowed (Locked Down Intranet zone).
SV-59517r1_ruleJava permissions must be disallowed (Locked Down Trusted Sites zone).
SV-59527r1_ruleJava permissions must be disallowed (Locked Down Restricted Sites zone).
SV-59529r1_ruleXAML files must be disallowed (Internet zone).
SV-59533r1_ruleXAML files must be disallowed (Restricted Sites zone).
SV-59545r1_ruleProtected Mode must be enforced (Internet zone).
SV-59549r1_ruleProtected Mode must be enforced (Restricted Sites zone).
SV-59553r1_rulePop-up Blocker must be enforced (Internet zone).
SV-59555r1_rulePop-up Blocker must be enforced (Restricted Sites zone).
SV-59557r1_ruleWebsites in less privileged web content zones must be prevented from navigating into the Internet zone.
SV-59559r1_ruleWebsites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.
SV-59565r1_ruleAllow binary and script behaviors must be disallowed (Restricted Sites zone).
SV-59569r1_ruleAutomatic prompting for file downloads must be disallowed (Restricted Sites zone).
SV-59573r1_ruleInternet Explorer Processes for MIME handling must be enforced. (Reserved)
SV-59575r1_ruleInternet Explorer Processes for MIME handling must be enforced (Explorer).
SV-59577r1_ruleInternet Explorer Processes for MIME handling must be enforced (iexplore).
SV-59579r1_ruleInternet Explorer Processes for MIME sniffing must be enforced (Reserved).
SV-59581r1_ruleInternet Explorer Processes for MIME sniffing must be enforced (Explorer).
SV-59583r1_ruleInternet Explorer Processes for MIME sniffing must be enforced (iexplore).
SV-59585r1_ruleInternet Explorer Processes for MK protocol must be enforced (Reserved).
SV-59587r1_ruleInternet Explorer Processes for MK protocol must be enforced (Explorer).
SV-59589r1_ruleInternet Explorer Processes for MK protocol must be enforced (iexplore).
SV-59591r1_ruleInternet Explorer Processes for Zone Elevation must be enforced (Reserved).
SV-59593r1_ruleInternet Explorer Processes for Zone Elevation must be enforced (Explorer).
SV-59595r1_ruleInternet Explorer Processes for Zone Elevation must be enforced (iexplore).
SV-59597r1_ruleInternet Explorer Processes for Restrict File Download must be enforced (Reserved).
SV-59645r1_ruleInternet Explorer Processes for Restrict File Download must be enforced (Explorer).
SV-59647r1_ruleInternet Explorer Processes for Restrict File Download must be enforced (iexplore).
SV-59653r1_ruleInternet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
SV-59655r1_ruleInternet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
SV-59657r1_ruleInternet Explorer Processes for restricting pop-up windows must be enforced (iexplore).
SV-59663r1_rule.NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).
SV-59665r1_rule.NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).
SV-59667r1_ruleScripting of Java applets must be disallowed (Restricted Sites zone).
SV-59673r1_ruleAutoComplete feature for forms must be disallowed.
SV-59677r1_ruleCrash Detection management must be enforced.
SV-59681r1_ruleTurn on the auto-complete feature for user names and passwords on forms must be disabled.
SV-59685r3_ruleManaging SmartScreen Filter use must be enforced.
SV-59695r1_ruleBrowser must retain history on exit.
SV-59707r1_ruleDeleting websites that the user has visited must be disallowed.
SV-59713r1_ruleInPrivate Browsing must be disallowed.
SV-59715r1_ruleScripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).
SV-59719r1_ruleWhen uploading files to a server, the local directory path must be excluded (Internet zone).
SV-59723r1_ruleInternet Explorer Processes for Notification Bars must be enforced (Reserved).
SV-59725r1_ruleSecurity Warning for unsafe files must be set to prompt (Internet zone).
SV-59727r1_ruleInternet Explorer Processes for Notification Bars must be enforced (Explorer).
SV-59729r1_ruleActiveX controls without prompt property must be used in approved domains only (Internet zone).
SV-59735r1_ruleInternet Explorer Processes for Notification Bars must be enforced (iexplore).
SV-59745r1_ruleCross-Site Scripting Filter must be enforced (Internet zone).
SV-59749r1_ruleScripting of Internet Explorer WebBrowser Control must be disallowed (Restricted Sites zone).
SV-59751r1_ruleWhen uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
SV-59755r1_ruleSecurity Warning for unsafe files must be disallowed (Restricted Sites zone).
SV-59759r1_ruleActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).
SV-59761r1_ruleCross-Site Scripting Filter property must be enforced (Restricted Sites zone).
SV-59763r1_ruleInternet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
SV-59769r1_ruleStatus bar updates via script must be disallowed (Internet zone).
SV-59773r1_rule.NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).
SV-59787r1_rule.NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).
SV-59793r1_ruleScriptlets must be disallowed (Restricted Sites zone).
SV-59805r1_ruleStatus bar updates via script must be disallowed (Restricted Sites zone).
SV-59841r1_ruleWhen Enhanced Protected Mode is enabled, ActiveX controls must be disallowed to run in Protected Mode.
SV-59847r1_ruleDragging of content from different domains across windows must be disallowed (Internet zone).
SV-59853r2_ruleEnhanced Protected Mode functionality must be enforced.
SV-59861r1_ruleThe 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.
SV-59863r1_ruleAnti-Malware programs against ActiveX controls must be run for the Internet zone.
SV-59865r1_ruleAnti-Malware programs against ActiveX controls must be run for the Intranet zone.
SV-59869r1_ruleAnti-Malware programs against ActiveX controls must be run for the Local Machine zone.
SV-59871r1_ruleAnti-Malware programs against ActiveX controls must be run for the Restricted Sites zone.
SV-59875r1_ruleAnti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.
SV-79201r2_rulePrevent bypassing SmartScreen Filter warnings must be enabled.
SV-79203r2_rulePrevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet must be enabled.
SV-79205r1_rulePrevent per-user installation of ActiveX controls must be enabled.
SV-79207r2_rulePrevent ignoring certificate errors option must be enabled.
SV-79209r1_ruleTurn on SmartScreen Filter scan option for the Internet Zone must be enabled.
SV-79211r1_ruleTurn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled.
SV-79213r1_ruleThe Initialize and script ActiveX controls not marked as safe must be disallowed (Intranet Zone).
SV-79215r1_ruleThe Initialize and script ActiveX controls not marked as safe must be disallowed (Trusted Sites Zone).
SV-79219r3_ruleAllow Fallback to SSL 3.0 (Internet Explorer) must be disabled.
SV-87395r2_ruleRun once selection for running outdated ActiveX controls must be disabled.
SV-87397r2_ruleEnabling outdated ActiveX controls for Internet Explorer must be blocked.
SV-87399r2_ruleUse of the Tabular Data Control (TDC) ActiveX control must be disabled for the Internet Zone.
SV-87401r2_ruleUse of the Tabular Data Control (TDC) ActiveX control must be disabled for the Restricted Sites Zone.
SV-89849r1_ruleVBScript must not be allowed to run in Internet Explorer (Internet zone).
SV-89851r1_ruleVBScript must not be allowed to run in Internet Explorer (Restricted Sites zone).
SV-106631r1_ruleInternet Explorer Development Tools Must Be Disabled.