Microsoft Internet Explorer 11 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000112
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
<VulnDiscussion>Users often choose to install software such as ActiveX controls that are not permitted by their organization's security polic...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Status bar updates via script must be disallowed (Internet zone).
<VulnDiscussion>This policy setting allows you to manage whether script is allowed to update the status bar within the zone. A script running...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
.NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).
<VulnDiscussion>Unsigned components are more likely to contain malicious code and it is more difficult to determine the author of the applica...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
.NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).
<VulnDiscussion>It may be possible for someone to host malicious content on a website that takes advantage of these components. This policy s...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Scriptlets must be disallowed (Restricted Sites zone).
<VulnDiscussion>This policy setting allows you to manage whether scriptlets can be allowed. Scriptlets hosted on sites located in this zone a...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Status bar updates via script must be disallowed (Restricted Sites zone).
<VulnDiscussion>A script running in the zone could cause false information to be displayed on the status bar, which could confuse the user an...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
When Enhanced Protected Mode is enabled, ActiveX controls must be disallowed to run in Protected Mode.
<VulnDiscussion>This setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user ha...Rule Medium Severity -
SRG-APP-000039
<GroupDescription></GroupDescription>Group -
Dragging of content from different domains across windows must be disallowed (Internet zone).
<VulnDiscussion>This policy setting allows you to set options for dragging content from one domain to a different domain when the source and ...Rule Medium Severity -
SRG-APP-000416
<GroupDescription></GroupDescription>Group -
Turn off Encryption Support must be enabled.
<VulnDiscussion>This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser by allowing you to tur...Rule Medium Severity -
SRG-APP-000416
<GroupDescription></GroupDescription>Group -
Allow Fallback to SSL 3.0 (Internet Explorer) must be disabled.
<VulnDiscussion>This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser by blocking an insecur...Rule Medium Severity -
SRG-APP-000456
<GroupDescription></GroupDescription>Group -
The version of Internet Explorer running on the system must be a supported version.
<VulnDiscussion>Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products t...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.