Skip to content
Log In

I - Mission Critical Public

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000210

    Group
    Show

  • Prevent per-user installation of ActiveX controls must be enabled.

    This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis. If y...
    Rule Medium Severity
    Show

  • SRG-APP-000427

    Group
    Show

  • Prevent ignoring certificate errors option must be enabled.

    This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as “expired”, “revoked”, or “name mismat...
    Rule Medium Severity
    Show

  • SRG-APP-000278

    Group
    Show

  • Turn on SmartScreen Filter scan option for the Internet Zone must be enabled.

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious ...
    Rule Medium Severity
    Show

  • SRG-APP-000278

    Group
    Show

  • Turn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled.

    This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious ...
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • The Initialize and script ActiveX controls not marked as safe must be disallowed (Intranet Zone).

    ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not m...
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • The Initialize and script ActiveX controls not marked as safe must be disallowed (Trusted Sites Zone).

    ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not m...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Run once selection for running outdated ActiveX controls must be disabled.

    This feature keeps ActiveX controls up to date and helps make them safer to use in Internet Explorer. Many ActiveX controls are not automatically updated as new versions are released. It is very im...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Enabling outdated ActiveX controls for Internet Explorer must be blocked.

    This feature keeps ActiveX controls up to date and helps make them safer to use in Internet Explorer. Many ActiveX controls are not automatically updated as new versions are released. It is very im...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Internet Zone.

    This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the Internet and Rest...
    Rule Medium Severity
    Show

  • SRG-APP-000209

    Group
    Show

  • The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).

    ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites. Signed code is better than unsigned code in that it may be easier to determine ...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Restricted Sites Zone.

    This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the Internet and Rest...
    Rule Medium Severity
    Show

  • SRG-APP-000209

    Group
    Show

  • VBScript must not be allowed to run in Internet Explorer (Internet zone).

    This policy setting allows the management of whether VBScript can be run on pages from the specified zone in Internet Explorer. By selecting "Enable" in the drop-down box, VBScript can run without ...
    Rule Medium Severity
    Show

  • SRG-APP-000209

    Group
    Show

  • The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).

    Unsigned code is potentially harmful, especially when coming from an untrusted zone. ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted s...
    Rule Medium Severity
    Show

  • SRG-APP-000209

    Group
    Show

  • VBScript must not be allowed to run in Internet Explorer (Restricted Sites zone).

    This policy setting allows the management of whether VBScript can be run on pages from the specified zone in Internet Explorer. By selecting "Enable" in the drop-down box, VBScript can run without ...
    Rule Medium Severity
    Show

  • SRG-APP-000266

    Group
    Show

  • Internet Explorer Development Tools Must Be Disabled.

    While the risk associated with browser development tools is more related to the proper design of a web application, a risk vector remains within the browser. The developer tools allow end users and...
    Rule Low Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).

    ActiveX controls not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked saf...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).

    This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. ActiveX controls not marked as safe should not be executed. If you enable...
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).

    This policy setting allows management of whether ActiveX controls marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • File downloads must be disallowed (Restricted Sites zone).

    Sites located in the Restricted Sites Zone are more likely to contain malicious payloads and therefore downloads from this zone should be blocked. Files should not be able to be downloaded from sit...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Java permissions must be disallowed (Restricted Sites zone).

    Java applications could contain malicious code; sites located in this security zone are more likely to be hosted by malicious individuals. This policy setting allows you to manage permissions for J...
    Rule Medium Severity
    Show

  • SRG-APP-000039

    Group
    Show

  • Accessing data sources across domains must be disallowed (Restricted Sites zone).

    The ability to access data zones across domains could cause the user to unknowingly access content hosted on an unauthorized server. This policy setting allows you to manage whether Internet Explor...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • The Allow META REFRESH property must be disallowed (Restricted Sites zone).

    It is possible that users will unknowingly be redirected to a site hosting malicious content. 'Allow META REFRESH' must have a level of protection based upon the site being browsed. This policy set...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).

    Content hosted on sites located in the Restricted Sites zone are more likely to contain malicious payloads and therefore this feature should be blocked for this zone. Drag and drop or copy and past...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).

    This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. Launching of programs in IFRAME ...
    Rule Medium Severity
    Show

  • SRG-APP-000039

    Group
    Show

  • Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).

    Frames navigating across different domains are a security concern, because the user may think they are accessing pages on one site while they are actually accessing pages on another site. It is pos...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules