Microsoft Internet Explorer 11 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • AutoComplete feature for forms must be disallowed.

    This AutoComplete feature suggests possible matches when users are filling in forms. It is possible that this feature will cache sensitive data and store it in the user's profile, where it might no...
    Rule Medium Severity
  • Turn on the auto-complete feature for user names and passwords on forms must be disabled.

    This policy setting controls automatic completion of fields in forms on web pages. It is possible that malware could be developed which would be able to extract the cached user names and passwords ...
    Rule Medium Severity
  • Deleting websites that the user has visited must be disallowed.

    This policy prevents users from deleting the history of websites the user has visited. If you enable this policy setting, websites the user has visited will be preserved when the user clicks "Delet...
    Rule Medium Severity
  • Scripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).

    This policy setting controls whether a page may control embedded WebBrowser control via script. Scripted code hosted on sites located in this zone is more likely to contain malicious code. If you e...
    Rule Medium Severity
  • Internet Explorer Processes for Notification Bars must be enforced (Reserved).

    This policy setting allows you to manage whether the Notification Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification Bar is dis...
    Rule Medium Severity
  • Cross-Site Scripting Filter must be enforced (Internet zone).

    The Cross-Site Scripting Filter is designed to prevent users from becoming victims of unintentional information disclosure. This setting controls if the Cross-Site Scripting (XSS) Filter detects an...
    Rule Medium Severity
  • ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).

    This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. If the user were to disable ...
    Rule Medium Severity
  • Cross-Site Scripting Filter property must be enforced (Restricted Sites zone).

    The Cross-Site Scripting Filter is designed to prevent users from becoming victims of unintentional information disclosure. This setting controls if the Cross-Site Scripting (XSS) Filter detects an...
    Rule Medium Severity
  • Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).

    Users often choose to install software such as ActiveX controls that are not permitted by their organization's security policy. Such software can pose significant security and privacy risks to netw...
    Rule Medium Severity
  • .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).

    Unsigned components are more likely to contain malicious code and it is more difficult to determine the author of the application - therefore they should be avoided if possible. This policy setting...
    Rule Medium Severity
  • Scriptlets must be disallowed (Restricted Sites zone).

    This policy setting allows you to manage whether scriptlets can be allowed. Scriptlets hosted on sites located in this zone are more likely to contain malicious code. If you enable this policy sett...
    Rule Medium Severity
  • When Enhanced Protected Mode is enabled, ActiveX controls must be disallowed to run in Protected Mode.

    This setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Prot...
    Rule Medium Severity
  • SRG-APP-000175

    Group
  • Check for publishers certificate revocation must be enforced.

    Check for publisher's certificate revocation options should be enforced to ensure all PKI signed objects are validated. Satisfies: SRG-APP-000605
    Rule Low Severity
  • SRG-APP-000209

    Group
  • The Download signed ActiveX controls property must be disallowed (Internet zone).

    ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites. Signed code is better than unsigned code in that it may be easier to determine...
    Rule Medium Severity
  • SRG-APP-000209

    Group
  • The Download unsigned ActiveX controls property must be disallowed (Internet zone).

    Unsigned code is potentially harmful, especially when coming from an untrusted zone. This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. If ...
    Rule Medium Severity
  • SRG-APP-000210

    Group
  • SRG-APP-000141

    Group
