Skip to content
Log In

III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000231

    Group
    Show

  • Userdata persistence must be disallowed (Restricted Sites zone).

    Userdata persistence must have a level of protection based upon the site being accessed. This policy setting allows you to manage the preservation of information in the browser's history, in Favori...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Active scripting must be disallowed (Restricted Sites Zone).

    Active scripts hosted on sites located in this zone are more likely to contain malicious code. Active scripting must have a level of protection based upon the site being accessed. This policy setti...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Clipboard operations via script must be disallowed (Restricted Sites zone).

    A malicious script could use the clipboard in an undesirable manner, for example, if the user had recently copied confidential information to the clipboard while editing a document, a malicious scr...
    Rule Medium Severity
    Show

  • SRG-APP-000219

    Group
    Show

  • Logon options must be configured and enforced (Restricted Sites zone).

    Users could submit credentials to servers operated by malicious individuals who could then attempt to connect to legitimate servers with those captured credentials. Care must be taken with user cre...
    Rule Medium Severity
    Show

  • SRG-APP-000089

    Group
    Show

  • Configuring History setting must be set to 40 days.

    This setting specifies the number of days that Internet Explorer keeps track of the pages viewed in the History List. The delete Browsing History option can be accessed using Tools, Internet Option...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Internet Explorer must be set to disallow users to add/delete sites.

    This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • Internet Explorer must be configured to disallow users to change policies.

    Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet and websites listed in the Restricted Sites zone in the browser. T...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • Internet Explorer must be configured to use machine settings.

    Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet and websites listed in the Restricted Sites zone in the browser. T...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • Security checking features must be enforced.

    This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk. If you enable this ...
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • Software must be disallowed to run or install with invalid signatures.

    Microsoft ActiveX controls and file downloads often have digital signatures attached that certify the file's integrity and the identity of the signer (creator) of the software. Such signatures help...
    Rule Medium Severity
    Show

  • SRG-APP-000233

    Group
    Show

  • The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.

    This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 6...
    Rule Medium Severity
    Show

  • SRG-APP-000175

    Group
    Show

  • Checking for server certificate revocation must be enforced.

    This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer v...
    Rule Low Severity
    Show

  • SRG-APP-000131

    Group
    Show

  • Checking for signatures on downloaded programs must be enforced.

    This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it has not been modified or tampered...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • All network paths (UNCs) for Intranet sites must be disallowed.

    Some UNC paths could refer to servers not managed by the organization, which means they could host malicious content; and therefore, it is safest to not include all UNC paths in the Intranet Sites ...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Script-initiated windows without size or position constraints must be disallowed (Internet zone).

    This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows including the title and status bars. If you enable this policy setting, Windows Restrictions sec...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).

    This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows including the title and status bars. If you enable this policy setting, Windows Restrictions sec...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Scriptlets must be disallowed (Internet zone).

    This policy setting allows you to manage whether scriptlets can be allowed. Scriptlets hosted on sites located in this zone are more likely to contain malicious code. If you enable this policy sett...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Automatic prompting for file downloads must be disallowed (Internet zone).

    This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated download...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Java permissions must be disallowed (Local Machine zone).

    Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down bo...
    Rule Medium Severity
    Show

  • SRG-APP-000207

    Group
    Show

  • Anti-Malware programs against ActiveX controls must be run for the Local Machine zone.

    This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if they're safe to load on pages. If you enable this policy setting, Inte...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Java permissions must be disallowed (Locked Down Local Machine zone).

    Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down bo...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Java permissions must be disallowed (Locked Down Intranet zone).

    Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down bo...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Java permissions must be disallowed (Locked Down Trusted Sites zone).

    Java applications could contain malicious code; sites located in this security zone are more likely to be hosted by malicious individuals. This policy setting allows you to manage permissions for J...
    Rule Medium Severity
    Show

  • SRG-APP-000141

    Group
    Show

  • Java permissions must be disallowed (Locked Down Restricted Sites zone).

    Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, options can be chosen from the drop-down bo...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • XAML files must be disallowed (Internet zone).

    These are eXtensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that leverage the Window...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules