II - Mission Support Public

Rules and Groups employed by this XCCDF Profile

SRG-APP-000231

Group

Show

Userdata persistence must be disallowed (Restricted Sites zone).

<VulnDiscussion>Userdata persistence must have a level of protection based upon the site being accessed. This policy setting allows you to ma...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Active scripting must be disallowed (Restricted Sites Zone).

<VulnDiscussion>Active scripts hosted on sites located in this zone are more likely to contain malicious code. Active scripting must have a l...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Clipboard operations via script must be disallowed (Restricted Sites zone).

<VulnDiscussion>A malicious script could use the clipboard in an undesirable manner, for example, if the user had recently copied confidentia...

Rule Medium Severity

Show

SRG-APP-000219

Group

Show

Logon options must be configured and enforced (Restricted Sites zone).

<VulnDiscussion>Users could submit credentials to servers operated by malicious individuals who could then attempt to connect to legitimate s...

Rule Medium Severity

Show

SRG-APP-000089

Group

Show

Configuring History setting must be set to 40 days.

<VulnDiscussion>This setting specifies the number of days that Internet Explorer keeps track of the pages viewed in the History List. The del...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Internet Explorer must be set to disallow users to add/delete sites.

<VulnDiscussion>This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different z...

Rule Medium Severity

Show

SRG-APP-000516

Group

Show

Internet Explorer must be configured to disallow users to change policies.

<VulnDiscussion>Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Int...

Rule Medium Severity

Show

SRG-APP-000516

Group

Show

Internet Explorer must be configured to use machine settings.

<VulnDiscussion>Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Int...

Rule Medium Severity

Show

SRG-APP-000516

Group

Show

Security checking features must be enforced.

<VulnDiscussion>This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determ...

Rule Medium Severity

Show

SRG-APP-000210

Group

Show

Software must be disallowed to run or install with invalid signatures.

<VulnDiscussion>Microsoft ActiveX controls and file downloads often have digital signatures attached that certify the file's integrity and th...

Rule Medium Severity

Show

SRG-APP-000233

Group

Show

The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.

<VulnDiscussion>This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes ...

Rule Medium Severity

Show

SRG-APP-000175

Group

Show

Checking for server certificate revocation must be enforced.

<VulnDiscussion>This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Cer...

Rule Low Severity

Show

SRG-APP-000131

Group

Show

Checking for signatures on downloaded programs must be enforced.

<VulnDiscussion>This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publis...

Rule Medium Severity

Show

SRG-APP-000516

Group

Show

All network paths (UNCs) for Intranet sites must be disallowed.

<VulnDiscussion>Some UNC paths could refer to servers not managed by the organization, which means they could host malicious content; and the...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Script-initiated windows without size or position constraints must be disallowed (Internet zone).

<VulnDiscussion>This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows including the title and ...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).

<VulnDiscussion>This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows including the title and ...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Scriptlets must be disallowed (Internet zone).

<VulnDiscussion>This policy setting allows you to manage whether scriptlets can be allowed. Scriptlets hosted on sites located in this zone a...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Automatic prompting for file downloads must be disallowed (Internet zone).

<VulnDiscussion>This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setti...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Java permissions must be disallowed (Local Machine zone).

<VulnDiscussion>Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you...

Rule Medium Severity

Show

SRG-APP-000207

Group

Show

Anti-Malware programs against ActiveX controls must be run for the Local Machine zone.

<VulnDiscussion>This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if the...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Java permissions must be disallowed (Locked Down Local Machine zone).

<VulnDiscussion>Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Java permissions must be disallowed (Locked Down Intranet zone).

<VulnDiscussion>Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Java permissions must be disallowed (Locked Down Trusted Sites zone).

<VulnDiscussion>Java applications could contain malicious code; sites located in this security zone are more likely to be hosted by malicious...

Rule Medium Severity

Show

SRG-APP-000141

Group

Show

Java permissions must be disallowed (Locked Down Restricted Sites zone).

<VulnDiscussion>Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you...

Rule Medium Severity

Show

SRG-APP-000516

Group

Show

XAML files must be disallowed (Internet zone).

<VulnDiscussion>These are eXtensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used...

Rule Medium Severity

Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity

Modules