Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000233

    <GroupDescription></GroupDescription>
    Group
  • The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.

    &lt;VulnDiscussion&gt;This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes ...
    Rule Medium Severity
  • SRG-APP-000175

    <GroupDescription></GroupDescription>
    Group
  • Checking for server certificate revocation must be enforced.

    &lt;VulnDiscussion&gt;This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Cer...
    Rule Low Severity
  • SRG-APP-000131

    <GroupDescription></GroupDescription>
    Group
  • Checking for signatures on downloaded programs must be enforced.

    &lt;VulnDiscussion&gt;This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publis...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • All network paths (UNCs) for Intranet sites must be disallowed.

    &lt;VulnDiscussion&gt;Some UNC paths could refer to servers not managed by the organization, which means they could host malicious content; and the...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Script-initiated windows without size or position constraints must be disallowed (Internet zone).

    &lt;VulnDiscussion&gt;This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows including the title and ...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).

    &lt;VulnDiscussion&gt;This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows including the title and ...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Scriptlets must be disallowed (Internet zone).

    &lt;VulnDiscussion&gt;This policy setting allows you to manage whether scriptlets can be allowed. Scriptlets hosted on sites located in this zone a...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Automatic prompting for file downloads must be disallowed (Internet zone).

    &lt;VulnDiscussion&gt;This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setti...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Java permissions must be disallowed (Local Machine zone).

    &lt;VulnDiscussion&gt;Java applications could contain malicious code. This policy setting allows you to manage permissions for Java applets. If you...
    Rule Medium Severity
  • SRG-APP-000207

    <GroupDescription></GroupDescription>
    Group
  • Anti-Malware programs against ActiveX controls must be run for the Local Machine zone.

    &lt;VulnDiscussion&gt;This policy setting determines whether Internet Explorer runs Anti-Malware programs against ActiveX controls, to check if the...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules