Skip to content
Log In

Microsoft Internet Explorer 11 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Internet Explorer Processes for MIME sniffing must be enforced (iexplore).

    MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an executable file, or some other type of file. This policy setting determ...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Internet Explorer Processes for MK protocol must be enforced (Reserved).

    The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older web applications use the MK protocol to retrieve information from...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000233

    Group
    Show

  • Internet Explorer Processes for Zone Elevation must be enforced (Reserved).

    Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as Internet Zone, Intranet Zone, or Local Machine Zone). Web pages on a lo...
    Rule Medium Severity
    Show

  • SRG-APP-000233

    Group
    Show

  • Internet Explorer Processes for Zone Elevation must be enforced (Explorer).

    Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as Internet Zone, Intranet Zone, or Local Machine Zone). Web pages on a lo...
    Rule Medium Severity
    Show

  • SRG-APP-000233

    Group
    Show

  • Internet Explorer Processes for Zone Elevation must be enforced (iexplore).

    Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as Internet Zone, Intranet Zone, or Local Machine Zone). Web pages on a lo...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • Internet Explorer Processes for Restrict File Download must be enforced (Explorer).

    In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allow websites to put unauthorized files on users' hard drives if they click...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).

    Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputable websites will resize windows to either hide other windows or force th...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000516

    Group
    Show

  • .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).

    This policy setting allows you to manage whether .NET Framework-reliant components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed con...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).

    This policy setting allows you to manage whether .NET Framework-reliant components that are signed with Authenticode can be executed from Internet Explorer. It may be possible for malicious content...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • Crash Detection management must be enforced.

    The 'Turn off Crash Detection' policy setting allows you to manage the crash detection feature of add-on management in Internet Explorer. A crash report could contain sensitive information from the...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000206

    Group
    Show

  • Managing SmartScreen Filter use must be enforced.

    This setting is important from a security perspective because Microsoft has extensive data illustrating the positive impact the SmartScreen filter has had on reducing the risk of malware infection ...
    Rule Medium Severity
    Show

  • SRG-APP-000089

    Group
    Show

  • Browser must retain history on exit.

    Delete Browsing History on exit automatically deletes specified items when the last browser window closes. Disabling this function will prevent users from deleting their browsing history, which co...
    Rule Medium Severity
    Show

  • SRG-APP-000089

    Group
    Show

  • SRG-APP-000080

    Group
    Show

  • InPrivate Browsing must be disallowed.

    InPrivate Browsing lets the user control whether or not Internet Explorer saves the browsing history, cookies, and other data. User control of settings is not the preferred control method. The InPr...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • When uploading files to a server, the local directory path must be excluded (Internet zone).

    This policy setting controls whether or not the local path information will be sent when uploading a file via a HTML form. If the local path information is sent, some information may be unintention...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000516

    Group
    Show

  • Security Warning for unsafe files must be set to prompt (Internet zone).

    This policy setting controls whether or not the 'Open File - Security Warning' message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file ...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Internet Explorer Processes for Notification Bars must be enforced (Explorer).

    This policy setting allows you to manage whether the Notification Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification Bar is dis...
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • ActiveX controls without prompt property must be used in approved domains only (Internet zone).

    This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control. If the user were to disable ...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Internet Explorer Processes for Notification Bars must be enforced (iexplore).

    This policy setting allows you to manage whether the Notification Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification Bar is dis...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • SRG-APP-000141

    Group
    Show

  • Scripting of Internet Explorer WebBrowser Control must be disallowed (Restricted Sites zone).

    This policy setting controls whether a page may control embedded WebBrowser Control via script. Scripted code hosted on sites located in this zone is more likely to contain malicious code. If you e...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules