Microsoft Internet Explorer 11 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000516
Group -
The Internet Explorer warning about certificate address mismatch must be enforced.
This parameter warns users if the certificate being presented by the website is invalid. Since server certificates are used to validate the identity of the web server it is critical to warn the use...Rule Medium Severity -
The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not m...Rule Medium Severity -
Accessing data sources across domains must be disallowed (Internet zone).
The ability to access data zones across domains could cause the user to unknowingly access content hosted on an unauthorized server. Access to data sources across multiple domains must be controlle...Rule Medium Severity -
Launching programs and files in IFRAME must be disallowed (Internet zone).
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. Launching of programs in IFRAME ...Rule Medium Severity -
Userdata persistence must be disallowed (Internet zone).
Userdata persistence must have a level of protection based upon the site being accessed. It is possible for sites hosting malicious content to exploit this feature as part of an attack against visi...Rule Medium Severity -
Java permissions must be configured with High Safety (Intranet zone).
Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down bo...Rule Medium Severity -
Java permissions must be configured with High Safety (Trusted Sites zone).
Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down bo...Rule Medium Severity -
Dragging of content from different domains within a window must be disallowed (Restricted Sites zone).
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. If you enable this policy setting, u...Rule Medium Severity -
Prevent bypassing SmartScreen Filter warnings must be enabled.
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host m...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.