Microsoft Internet Explorer 11 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Scriptlets must be disallowed (Restricted Sites zone).
This policy setting allows you to manage whether scriptlets can be allowed. Scriptlets hosted on sites located in this zone are more likely to contain malicious code. If you enable this policy sett...
Rule Medium Severity -
When Enhanced Protected Mode is enabled, ActiveX controls must be disallowed to run in Protected Mode.
This setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Prot...
Rule Medium Severity -
SRG-APP-000175
Group -
Check for publishers certificate revocation must be enforced.
Check for publisher's certificate revocation options should be enforced to ensure all PKI signed objects are validated. Satisfies: SRG-APP-000605
Rule Low Severity -
SRG-APP-000209
Group -
The Download signed ActiveX controls property must be disallowed (Internet zone).
ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites. Signed code is better than unsigned code in that it may be easier to determine...
Rule Medium Severity -
SRG-APP-000209
Group -
The Download unsigned ActiveX controls property must be disallowed (Internet zone).
Unsigned code is potentially harmful, especially when coming from an untrusted zone. This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. If ...
Rule Medium Severity -
SRG-APP-000210
Group -
SRG-APP-000141
Group -
The Java permissions must be disallowed (Internet zone).
Java applications could contain malicious code; sites located in this security zone are more likely to be hosted by malicious individuals. This policy setting allows you to manage permissions for J...
Rule Medium Severity -
SRG-APP-000039
Group -
SRG-APP-000141
Group -
Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
Content hosted on sites located in the Internet zone is likely to contain malicious payloads and therefore this feature should be blocked for this zone. Drag and drop or copy and paste files must ...
Rule Medium Severity -
SRG-APP-000141
Group -
SRG-APP-000039
Group -
Navigating windows and frames across different domains must be disallowed (Internet zone).
Frames that navigate across different domains are a security concern, because the user may think they are accessing pages on one site while they are actually accessing pages on another site. It is ...
Rule Medium Severity -
SRG-APP-000231
Group -
SRG-APP-000141
Group -
Clipboard operations via script must be disallowed (Internet zone).
A malicious script could use the clipboard in an undesirable manner, for example, if the user had recently copied confidential information to the clipboard while editing a document, a malicious scr...
Rule Medium Severity -
SRG-APP-000219
Group -
Logon options must be configured to prompt (Internet zone).
Users could submit credentials to servers operated by malicious individuals who could then attempt to connect to legitimate servers with those captured credentials. Care must be taken with user cre...
Rule Medium Severity -
SRG-APP-000141
Group -
SRG-APP-000207
Group -
Anti-Malware programs against ActiveX controls must be run for the Intranet zone.
This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Inte...
Rule Medium Severity -
SRG-APP-000141
Group -
SRG-APP-000207
Group -
Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.
This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Inte...
Rule Medium Severity -
SRG-APP-000039
Group -
Dragging of content from different domains within a window must be disallowed (Internet zone).
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window. If you enable this policy setting, u...
Rule Medium Severity -
SRG-APP-000039
Group -
Dragging of content from different domains across windows must be disallowed (Restricted Sites zone).
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows. If you enable this policy setting,...
Rule Medium Severity -
SRG-APP-000112
Group -
Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
Users often choose to install software such as ActiveX controls that are not permitted by their organization's security policy. Such software can pose significant security and privacy risks to netw...
Rule Medium Severity -
SRG-APP-000112
Group -
Internet Explorer Processes Restrict ActiveX Install must be enforced (iexplore).
Users often choose to install software such as ActiveX controls that are not permitted by their organization's security policy. Such software can pose significant security and privacy risks to netw...
Rule Medium Severity -
SRG-APP-000039
Group -
SRG-APP-000207
Group -
Anti-Malware programs against ActiveX controls must be run for the Internet zone.
This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Inte...
Rule Medium Severity -
SRG-APP-000207
Group -
Anti-Malware programs against ActiveX controls must be run for the Restricted Sites zone.
This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Inte...
Rule Medium Severity -
SRG-APP-000278
Group -
SRG-APP-000209
Group -
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet must be enabled.
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly do...
Rule Medium Severity -
SRG-APP-000210
Group -
SRG-APP-000427
Group -
Prevent ignoring certificate errors option must be enabled.
This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as “expired”, “revoked”, or “name mismat...
Rule Medium Severity -
SRG-APP-000278
Group -
Turn on SmartScreen Filter scan option for the Internet Zone must be enabled.
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious ...
Rule Medium Severity -
SRG-APP-000278
Group