I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
<VulnDiscussion>Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputab...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for restricting pop-up windows must be enforced (iexplore).
<VulnDiscussion>Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputab...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
.NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).
<VulnDiscussion>This policy setting allows you to manage whether .NET Framework-reliant components that are not signed with Authenticode can ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
.NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).
<VulnDiscussion>This policy setting allows you to manage whether .NET Framework-reliant components that are signed with Authenticode can be e...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Scripting of Java applets must be disallowed (Restricted Sites zone).
<VulnDiscussion>This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy se...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
AutoComplete feature for forms must be disallowed.
<VulnDiscussion>This AutoComplete feature suggests possible matches when users are filling in forms. It is possible that this feature will ca...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Crash Detection management must be enforced.
<VulnDiscussion>The 'Turn off Crash Detection' policy setting allows you to manage the crash detection feature of add-on management in Intern...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Turn on the auto-complete feature for user names and passwords on forms must be disabled.
<VulnDiscussion>This policy setting controls automatic completion of fields in forms on web pages. It is possible that malware could be devel...Rule Medium Severity -
SRG-APP-000206
<GroupDescription></GroupDescription>Group -
Managing SmartScreen Filter use must be enforced.
<VulnDiscussion>This setting is important from a security perspective because Microsoft has extensive data illustrating the positive impact t...Rule Medium Severity -
SRG-APP-000089
<GroupDescription></GroupDescription>Group -
Browser must retain history on exit.
<VulnDiscussion>Delete Browsing History on exit automatically deletes specified items when the last browser window closes. Disabling this fu...Rule Medium Severity -
SRG-APP-000089
<GroupDescription></GroupDescription>Group -
Deleting websites that the user has visited must be disallowed.
<VulnDiscussion>This policy prevents users from deleting the history of websites the user has visited. If you enable this policy setting, web...Rule Medium Severity -
SRG-APP-000080
<GroupDescription></GroupDescription>Group -
InPrivate Browsing must be disallowed.
<VulnDiscussion>InPrivate Browsing lets the user control whether or not Internet Explorer saves the browsing history, cookies, and other data...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Scripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).
<VulnDiscussion>This policy setting controls whether a page may control embedded WebBrowser control via script. Scripted code hosted on sites...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
When uploading files to a server, the local directory path must be excluded (Internet zone).
<VulnDiscussion>This policy setting controls whether or not the local path information will be sent when uploading a file via a HTML form. If...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for Notification Bars must be enforced (Reserved).
<VulnDiscussion>This policy setting allows you to manage whether the Notification Bar is displayed for Internet Explorer processes when file ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Security Warning for unsafe files must be set to prompt (Internet zone).
<VulnDiscussion>This policy setting controls whether or not the 'Open File - Security Warning' message appears when the user tries to open ex...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for Notification Bars must be enforced (Explorer).
<VulnDiscussion>This policy setting allows you to manage whether the Notification Bar is displayed for Internet Explorer processes when file ...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
ActiveX controls without prompt property must be used in approved domains only (Internet zone).
<VulnDiscussion>This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the ...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for Notification Bars must be enforced (iexplore).
<VulnDiscussion>This policy setting allows you to manage whether the Notification Bar is displayed for Internet Explorer processes when file ...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Cross-Site Scripting Filter must be enforced (Internet zone).
<VulnDiscussion>The Cross-Site Scripting Filter is designed to prevent users from becoming victims of unintentional information disclosure. T...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Scripting of Internet Explorer WebBrowser Control must be disallowed (Restricted Sites zone).
<VulnDiscussion>This policy setting controls whether a page may control embedded WebBrowser Control via script. Scripted code hosted on sites...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
<VulnDiscussion>This policy setting controls whether or not the local path information will be sent when uploading a file via a HTML form. If...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
Security Warning for unsafe files must be disallowed (Restricted Sites zone).
<VulnDiscussion>This policy setting controls whether or not the 'Open File - Security Warning' message appears when the user tries to open ex...Rule Medium Severity -
SRG-APP-000210
<GroupDescription></GroupDescription>Group -
ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).
<VulnDiscussion>This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the ...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Cross-Site Scripting Filter property must be enforced (Restricted Sites zone).
<VulnDiscussion>The Cross-Site Scripting Filter is designed to prevent users from becoming victims of unintentional information disclosure. T...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.