I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Scripting of Internet Explorer WebBrowser Control must be disallowed (Restricted Sites zone).
<VulnDiscussion>This policy setting controls whether a page may control embedded WebBrowser Control via script. Scripted code hosted on sites...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
<VulnDiscussion>This policy setting controls whether or not the local path information will be sent when uploading a file via a HTML form. If...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Security Warning for unsafe files must be disallowed (Restricted Sites zone).
<VulnDiscussion>This policy setting controls whether or not the 'Open File - Security Warning' message appears when the user tries to open ex...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).
<VulnDiscussion>This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the ...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Cross-Site Scripting Filter property must be enforced (Restricted Sites zone).
<VulnDiscussion>The Cross-Site Scripting Filter is designed to prevent users from becoming victims of unintentional information disclosure. T...Rule Medium Severity -
SRG-APP-000112
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
<VulnDiscussion>Users often choose to install software such as ActiveX controls that are not permitted by their organization's security polic...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Status bar updates via script must be disallowed (Internet zone).
<VulnDiscussion>This policy setting allows you to manage whether script is allowed to update the status bar within the zone. A script running...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
.NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).
<VulnDiscussion>Unsigned components are more likely to contain malicious code and it is more difficult to determine the author of the applica...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
.NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).
<VulnDiscussion>It may be possible for someone to host malicious content on a website that takes advantage of these components. This policy s...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Scriptlets must be disallowed (Restricted Sites zone).
<VulnDiscussion>This policy setting allows you to manage whether scriptlets can be allowed. Scriptlets hosted on sites located in this zone a...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.