Microsoft Internet Explorer 11 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.

    This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 6...
    Rule Medium Severity
  • Checking for signatures on downloaded programs must be enforced.

    This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it has not been modified or tampered...
    Rule Medium Severity
  • Script-initiated windows without size or position constraints must be disallowed (Internet zone).

    This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows including the title and status bars. If you enable this policy setting, Windows Restrictions sec...
    Rule Medium Severity
  • Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).

    This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows including the title and status bars. If you enable this policy setting, Windows Restrictions sec...
    Rule Medium Severity
  • Java permissions must be disallowed (Locked Down Local Machine zone).

    Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down bo...
    Rule Medium Severity
  • Java permissions must be disallowed (Locked Down Trusted Sites zone).

    Java applications could contain malicious code; sites located in this security zone are more likely to be hosted by malicious individuals. This policy setting allows you to manage permissions for J...
    Rule Medium Severity
  • XAML files must be disallowed (Internet zone).

    These are eXtensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that leverage the Window...
    Rule Medium Severity
  • Pop-up Blocker must be enforced (Restricted Sites zone).

    This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, m...
    Rule Medium Severity
  • Websites in less privileged web content zones must be prevented from navigating into the Internet zone.

    This policy setting allows a user to manage whether websites from less privileged zones, such as Restricted Sites, can navigate into the Internet zone. If this policy setting is enabled, websites f...
    Rule Medium Severity
  • Allow binary and script behaviors must be disallowed (Restricted Sites zone).

    This policy setting allows you to manage dynamic binary and script behaviors of components that encapsulate specific functionality for HTML elements, to which they were attached. If you enable this...
    Rule Medium Severity
  • Internet Explorer Processes for MIME handling must be enforced. (Reserved)

    Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a web server. The Consistent MIME Handling\Internet Explore...
    Rule Medium Severity
  • Internet Explorer Processes for MIME handling must be enforced (Explorer).

    Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a web server. The Consistent MIME Handling\Internet Explore...
    Rule Medium Severity
  • Internet Explorer Processes for MIME sniffing must be enforced (Explorer).

    MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an executable file, or some other type of file. This policy setting determ...
    Rule Medium Severity
  • Internet Explorer Processes for MK protocol must be enforced (Explorer).

    The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older web applications use the MK protocol to retrieve information from...
    Rule Medium Severity
  • Internet Explorer Processes for MK protocol must be enforced (iexplore).

    The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older web applications use the MK protocol to retrieve information from...
    Rule Medium Severity
  • Internet Explorer Processes for Restrict File Download must be enforced (Reserved).

    In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allow websites to put unauthorized files on users' hard drives if they click...
    Rule Medium Severity
  • Internet Explorer Processes for Restrict File Download must be enforced (iexplore).

    In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allow websites to put unauthorized files on users' hard drives if they click...
    Rule Medium Severity
  • Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).

    Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputable websites will resize windows to either hide other windows or force a ...
    Rule Medium Severity
  • Internet Explorer Processes for restricting pop-up windows must be enforced (iexplore).

    Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputable websites will resize windows to either hide other windows or force a ...
    Rule Medium Severity
  • Scripting of Java applets must be disallowed (Restricted Sites zone).

    This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user interventio...
    Rule Medium Severity
