I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
XAML files must be disallowed (Restricted Sites zone).
<VulnDiscussion>These are eXtensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used...Rule Medium Severity -
SRG-APP-000233
<GroupDescription></GroupDescription>Group -
Protected Mode must be enforced (Internet zone).
<VulnDiscussion>Protected Mode protects Internet Explorer from exploited vulnerabilities by reducing the locations Internet Explorer can writ...Rule Medium Severity -
SRG-APP-000233
<GroupDescription></GroupDescription>Group -
Protected Mode must be enforced (Restricted Sites zone).
<VulnDiscussion>Protected Mode protects Internet Explorer from exploited vulnerabilities by reducing the locations Internet Explorer can writ...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Pop-up Blocker must be enforced (Internet zone).
<VulnDiscussion>This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end ...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Pop-up Blocker must be enforced (Restricted Sites zone).
<VulnDiscussion>This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end ...Rule Medium Severity -
SRG-APP-000039
<GroupDescription></GroupDescription>Group -
Websites in less privileged web content zones must be prevented from navigating into the Internet zone.
<VulnDiscussion>This policy setting allows a user to manage whether websites from less privileged zones, such as Restricted Sites, can naviga...Rule Medium Severity -
SRG-APP-000039
<GroupDescription></GroupDescription>Group -
Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.
<VulnDiscussion>This policy setting allows you to manage whether websites from less privileged zones, such as Restricted Sites, can navigate ...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Allow binary and script behaviors must be disallowed (Restricted Sites zone).
<VulnDiscussion>This policy setting allows you to manage dynamic binary and script behaviors of components that encapsulate specific function...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
<VulnDiscussion>This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setti...Rule Medium Severity -
SRG-APP-000206
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for MIME handling must be enforced. (Reserved)
<VulnDiscussion>Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files rece...Rule Medium Severity -
SRG-APP-000206
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for MIME handling must be enforced (Explorer).
<VulnDiscussion>Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files rece...Rule Medium Severity -
SRG-APP-000206
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for MIME handling must be enforced (iexplore).
<VulnDiscussion>Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files rece...Rule Medium Severity -
SRG-APP-000206
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
<VulnDiscussion>MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an...Rule Medium Severity -
SRG-APP-000206
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
<VulnDiscussion>MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an...Rule Medium Severity -
SRG-APP-000206
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for MIME sniffing must be enforced (iexplore).
<VulnDiscussion>MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for MK protocol must be enforced (Reserved).
<VulnDiscussion>The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for MK protocol must be enforced (Explorer).
<VulnDiscussion>The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for MK protocol must be enforced (iexplore).
<VulnDiscussion>The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some...Rule Medium Severity -
SRG-APP-000233
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
<VulnDiscussion>Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as...Rule Medium Severity -
SRG-APP-000233
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
<VulnDiscussion>Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as...Rule Medium Severity -
SRG-APP-000233
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for Zone Elevation must be enforced (iexplore).
<VulnDiscussion>Internet Explorer places restrictions on each web page it opens that are dependent upon the location of the web page (such as...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
<VulnDiscussion>In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allo...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
<VulnDiscussion>In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allo...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for Restrict File Download must be enforced (iexplore).
<VulnDiscussion>In certain circumstances, websites can initiate file download prompts without interaction from users. This technique can allo...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
<VulnDiscussion>Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputab...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.