Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000231

    <GroupDescription></GroupDescription>
    Group
  • Userdata persistence must be disallowed (Restricted Sites zone).

    &lt;VulnDiscussion&gt;Userdata persistence must have a level of protection based upon the site being accessed. This policy setting allows you to ma...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Active scripting must be disallowed (Restricted Sites Zone).

    &lt;VulnDiscussion&gt;Active scripts hosted on sites located in this zone are more likely to contain malicious code. Active scripting must have a l...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Clipboard operations via script must be disallowed (Restricted Sites zone).

    &lt;VulnDiscussion&gt;A malicious script could use the clipboard in an undesirable manner, for example, if the user had recently copied confidentia...
    Rule Medium Severity
  • SRG-APP-000219

    <GroupDescription></GroupDescription>
    Group
  • Logon options must be configured and enforced (Restricted Sites zone).

    &lt;VulnDiscussion&gt;Users could submit credentials to servers operated by malicious individuals who could then attempt to connect to legitimate s...
    Rule Medium Severity
  • SRG-APP-000089

    <GroupDescription></GroupDescription>
    Group
  • Configuring History setting must be set to 40 days.

    &lt;VulnDiscussion&gt;This setting specifies the number of days that Internet Explorer keeps track of the pages viewed in the History List. The del...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Internet Explorer must be set to disallow users to add/delete sites.

    &lt;VulnDiscussion&gt;This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different z...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Internet Explorer must be configured to disallow users to change policies.

    &lt;VulnDiscussion&gt;Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Int...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Internet Explorer must be configured to use machine settings.

    &lt;VulnDiscussion&gt;Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Int...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Security checking features must be enforced.

    &lt;VulnDiscussion&gt;This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determ...
    Rule Medium Severity
  • SRG-APP-000210

    <GroupDescription></GroupDescription>
    Group
  • Software must be disallowed to run or install with invalid signatures.

    &lt;VulnDiscussion&gt;Microsoft ActiveX controls and file downloads often have digital signatures attached that certify the file's integrity and th...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules