II - Mission Support Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000039
Group -
Accessing data sources across domains must be disallowed (Restricted Sites zone).
The ability to access data zones across domains could cause the user to unknowingly access content hosted on an unauthorized server. This policy setting allows you to manage whether Internet Explor...Rule Medium Severity -
SRG-APP-000516
Group -
The Allow META REFRESH property must be disallowed (Restricted Sites zone).
It is possible that users will unknowingly be redirected to a site hosting malicious content. 'Allow META REFRESH' must have a level of protection based upon the site being browsed. This policy set...Rule Medium Severity -
SRG-APP-000141
Group -
Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
Content hosted on sites located in the Restricted Sites zone are more likely to contain malicious payloads and therefore this feature should be blocked for this zone. Drag and drop or copy and past...Rule Medium Severity -
SRG-APP-000141
Group -
Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. Launching of programs in IFRAME ...Rule Medium Severity -
SRG-APP-000039
Group -
Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
Frames navigating across different domains are a security concern, because the user may think they are accessing pages on one site while they are actually accessing pages on another site. It is pos...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.