II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000516
Group -
XAML files must be disallowed (Restricted Sites zone).
These are eXtensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that leverage the Window...Rule Medium Severity -
SRG-APP-000233
Group -
Protected Mode must be enforced (Internet zone).
Protected Mode protects Internet Explorer from exploited vulnerabilities by reducing the locations Internet Explorer can write to in the registry and the file system. If you enable this policy sett...Rule Medium Severity -
SRG-APP-000233
Group -
Protected Mode must be enforced (Restricted Sites zone).
Protected Mode protects Internet Explorer from exploited vulnerabilities by reducing the locations Internet Explorer can write to in the registry and the file system. If you enable this policy sett...Rule Medium Severity -
SRG-APP-000141
Group -
Pop-up Blocker must be enforced (Internet zone).
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, m...Rule Medium Severity -
SRG-APP-000141
Group -
Pop-up Blocker must be enforced (Restricted Sites zone).
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, m...Rule Medium Severity -
SRG-APP-000039
Group -
Websites in less privileged web content zones must be prevented from navigating into the Internet zone.
This policy setting allows a user to manage whether websites from less privileged zones, such as Restricted Sites, can navigate into the Internet zone. If this policy setting is enabled, websites f...Rule Medium Severity -
SRG-APP-000039
Group -
Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.
This policy setting allows you to manage whether websites from less privileged zones, such as Restricted Sites, can navigate into the Restricted zone. If this policy setting is enabled, websites fr...Rule Medium Severity -
SRG-APP-000141
Group -
Allow binary and script behaviors must be disallowed (Restricted Sites zone).
This policy setting allows you to manage dynamic binary and script behaviors of components that encapsulate specific functionality for HTML elements, to which they were attached. If you enable this...Rule Medium Severity -
SRG-APP-000141
Group -
Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated download...Rule Medium Severity -
SRG-APP-000206
Group -
Internet Explorer Processes for MIME handling must be enforced. (Reserved)
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a web server. The Consistent MIME Handling\Internet Explore...Rule Medium Severity -
SRG-APP-000206
Group -
Internet Explorer Processes for MIME handling must be enforced (Explorer).
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a web server. The Consistent MIME Handling\Internet Explore...Rule Medium Severity -
SRG-APP-000206
Group -
Internet Explorer Processes for MIME handling must be enforced (iexplore).
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a web server. The Consistent MIME Handling\Internet Explore...Rule Medium Severity -
SRG-APP-000206
Group -
Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an executable file, or some other type of file. This policy setting determ...Rule Medium Severity -
SRG-APP-000206
Group -
Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an executable file, or some other type of file. This policy setting determ...Rule Medium Severity -
SRG-APP-000206
Group -
Internet Explorer Processes for MIME sniffing must be enforced (iexplore).
MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an executable file, or some other type of file. This policy setting determ...Rule Medium Severity -
SRG-APP-000141
Group -
Internet Explorer Processes for MK protocol must be enforced (Reserved).
The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older web applications use the MK protocol to retrieve information from...Rule Medium Severity -
SRG-APP-000141
Group -
Internet Explorer Processes for MK protocol must be enforced (Explorer).
The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older web applications use the MK protocol to retrieve information from...Rule Medium Severity -
SRG-APP-000141
Group -
Internet Explorer Processes for MK protocol must be enforced (iexplore).
The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older web applications use the MK protocol to retrieve information from...Rule Medium Severity -
SRG-APP-000233
Group -
Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as Internet Zone, Intranet Zone, or Local Machine Zone). Web pages on a lo...Rule Medium Severity -
SRG-APP-000233
Group -
Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as Internet Zone, Intranet Zone, or Local Machine Zone). Web pages on a lo...Rule Medium Severity -
SRG-APP-000233
Group -
Internet Explorer Processes for Zone Elevation must be enforced (iexplore).
Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as Internet Zone, Intranet Zone, or Local Machine Zone). Web pages on a lo...Rule Medium Severity -
SRG-APP-000141
Group -
Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allow websites to put unauthorized files on users' hard drives if they click...Rule Medium Severity -
SRG-APP-000141
Group -
Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allow websites to put unauthorized files on users' hard drives if they click...Rule Medium Severity -
SRG-APP-000141
Group -
Internet Explorer Processes for Restrict File Download must be enforced (iexplore).
In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allow websites to put unauthorized files on users' hard drives if they click...Rule Medium Severity -
SRG-APP-000141
Group -
Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputable websites will resize windows to either hide other windows or force th...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.