Microsoft Internet Explorer 11 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Prevent per-user installation of ActiveX controls must be enabled.
This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis. If y...Rule Medium Severity -
The Initialize and script ActiveX controls not marked as safe must be disallowed (Trusted Sites Zone).
ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not m...Rule Medium Severity -
VBScript must not be allowed to run in Internet Explorer (Internet zone).
This policy setting allows the management of whether VBScript can be run on pages from the specified zone in Internet Explorer. By selecting "Enable" in the drop-down box, VBScript can run without ...Rule Medium Severity -
Java permissions must be disallowed (Restricted Sites zone).
Java applications could contain malicious code; sites located in this security zone are more likely to be hosted by malicious individuals. This policy setting allows you to manage permissions for J...Rule Medium Severity -
Active scripting must be disallowed (Restricted Sites Zone).
Active scripts hosted on sites located in this zone are more likely to contain malicious code. Active scripting must have a level of protection based upon the site being accessed. This policy setti...Rule Medium Severity -
Clipboard operations via script must be disallowed (Restricted Sites zone).
A malicious script could use the clipboard in an undesirable manner, for example, if the user had recently copied confidential information to the clipboard while editing a document, a malicious scr...Rule Medium Severity -
Logon options must be configured and enforced (Restricted Sites zone).
Users could submit credentials to servers operated by malicious individuals who could then attempt to connect to legitimate servers with those captured credentials. Care must be taken with user cre...Rule Medium Severity -
Configuring History setting must be set to 40 days.
This setting specifies the number of days that Internet Explorer keeps track of the pages viewed in the History List. The delete Browsing History option can be accessed using Tools, Internet Option...Rule Medium Severity -
Internet Explorer must be set to disallow users to add/delete sites.
This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system...Rule Medium Severity -
Internet Explorer must be configured to disallow users to change policies.
Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet and websites listed in the Restricted Sites zone in the browser. T...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.