The IE home page must be set to blank or a trusted site.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-46467	DTBI001-IE11	SV-59331r2_rule	DCMC-1	Medium

Description
By setting this parameter inappropriately, a malicious web site can be automatically loaded into a browser which may contain mobile code.

STIG	Date
Microsoft Internet Explorer 11 Security Technical Implementation Guide	2015-06-30

Details

Check Text ( C-49679r3_chk )
The policy for User Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer "Disable changing home page settings" must be "Enable" and specify the URL for the home page. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Microsoft\Internet Explorer\Main Criteria: If the value "Start Page" is 'about:blank' or a trusted site, this is not a finding.

Check Text ( C-49679r3_chk )

The policy for User Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet
Explorer "Disable changing home page settings" must be "Enable" and specify the URL for the home page.

Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Microsoft\Internet Explorer\Main Criteria: If the value "Start Page" is 'about:blank' or a trusted site, this is not a finding.

Fix Text (F-50155r3_fix)
Set the policy for User Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer "Disable changing home page settings" to "Enable" and specify the URL for the home page.