UCF STIG Viewer Logo

Microsoft Internet Explorer 11 Security Technical Implementation Guide


Overview

Date Finding Count (138)
2018-06-08 CAT I (High): 0 CAT II (Med): 136 CAT III (Low): 2
STIG Description
The Microsoft Internet Explorer 11 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil

Available Profiles



Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-46637 Medium Script-initiated windows without size or position constraints must be disallowed (Internet zone).
V-46635 Medium All network paths (UNCs) for Intranet sites must be disallowed.
V-46633 Medium Checking for signatures on downloaded programs must be enforced.
V-46575 Medium The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).
V-46733 Medium Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
V-46639 Medium Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
V-46731 Medium Internet Explorer Processes for Zone Elevation must be enforced (iexplore).
V-46849 Medium Scripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).
V-46847 Medium InPrivate Browsing must be disallowed.
V-46841 Medium Deleting websites that the user has visited must be disallowed.
V-72763 Medium Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Restricted Sites Zone.
V-46573 Medium The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).
V-64729 Medium Allow Fallback to SSL 3.0 (Internet Explorer) must be disabled.
V-46643 Medium Automatic prompting for file downloads must be disallowed (Internet zone).
V-46641 Medium Scriptlets must be disallowed (Internet zone).
V-46647 Medium Java permissions must be disallowed (Locked Down Local Machine zone).
V-46645 Medium Java permissions must be disallowed (Local Machine zone).
V-64721 Medium Turn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled.
V-64723 Medium The Initialize and script ActiveX controls not marked as safe must be disallowed (Intranet Zone).
V-46649 Medium Java permissions must be disallowed (Locked Down Intranet zone).
V-64725 Medium The Initialize and script ActiveX controls not marked as safe must be disallowed (Trusted Sites Zone).
V-46625 Medium Software must be disallowed to run or install with invalid signatures.
V-46621 Medium Security checking features must be enforced.
V-46879 Medium Cross-Site Scripting Filter must be enforced (Internet zone).
V-72759 Medium Enabling outdated ActiveX controls for Internet Explorer must be blocked.
V-46865 Medium ActiveX controls without prompt property must be used in approved domains only (Internet zone).
V-46615 Medium Internet Explorer must be set to disallow users to add/delete sites.
V-46617 Medium Internet Explorer must be configured to disallow users to change policies.
V-46861 Medium Internet Explorer Processes for Notification Bars must be enforced (Explorer).
V-46619 Medium Internet Explorer must be configured to use machine settings.
V-46869 Medium Internet Explorer Processes for Notification Bars must be enforced (iexplore).
V-46589 Medium Accessing data sources across domains must be disallowed (Restricted Sites zone).
V-46585 Medium Font downloads must be disallowed (Restricted Sites zone).
V-46587 Medium Java permissions must be disallowed (Restricted Sites zone).
V-46581 Medium ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
V-46583 Medium File downloads must be disallowed (Restricted Sites zone).
V-46505 Medium Font downloads must be disallowed (Internet zone).
V-46729 Medium Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
V-46507 Medium The Java permissions must be disallowed (Internet zone).
V-46501 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
V-46509 Medium Accessing data sources across domains must be disallowed (Internet zone).
V-46811 Medium Crash Detection management must be enforced.
V-46815 Medium Turn on the auto-complete feature for user names and passwords on forms must be disabled.
V-46609 Medium Configuring History setting must be set to 40 days.
V-46607 Medium Logon options must be configured and enforced (Restricted Sites zone).
V-46819 Medium Managing SmartScreen Filter use must be enforced.
V-46605 Medium Clipboard operations via script must be disallowed (Restricted Sites zone).
V-46603 Medium Active scripting must be disallowed (Restricted Sites Zone).
V-46601 Medium Userdata persistence must be disallowed (Restricted Sites zone).
V-46599 Medium Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
V-46893 Medium ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).
V-46593 Medium Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
V-46591 Medium The Allow META REFRESH property must be disallowed (Restricted Sites zone).
V-46897 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
V-46597 Medium Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
V-46895 Medium Cross-Site Scripting Filter property must be enforced (Restricted Sites zone).
V-46513 Medium Launching programs and files in IFRAME must be disallowed (Internet zone).
V-46511 Medium Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
V-46517 Medium Userdata persistence must be disallowed (Internet zone).
V-46515 Medium Navigating windows and frames across different domains must be disallowed (Internet zone).
V-46691 Medium Pop-up Blocker must be enforced (Restricted Sites zone).
V-46693 Medium Websites in less privileged web content zones must be prevented from navigating into the Internet zone.
V-46695 Medium Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.
V-46801 Medium Scripting of Java applets must be disallowed (Restricted Sites zone).
V-46577 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).
V-46807 Medium AutoComplete feature for forms must be disallowed.
V-46579 Medium ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
V-46717 Medium Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
V-46927 Medium Scriptlets must be disallowed (Restricted Sites zone).
V-46921 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).
V-46889 Medium Security Warning for unsafe files must be disallowed (Restricted Sites zone).
V-46685 Medium Protected Mode must be enforced (Restricted Sites zone).
V-46681 Medium Protected Mode must be enforced (Internet zone).
V-46883 Medium Scripting of Internet Explorer WebBrowser Control must be disallowed (Restricted Sites zone).
V-46885 Medium When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
V-46689 Medium Pop-up Blocker must be enforced (Internet zone).
V-46669 Medium XAML files must be disallowed (Restricted Sites zone).
V-46543 Medium Java permissions must be configured with High Safety (Trusted Sites zone).
V-46545 Medium Dragging of content from different domains within a window must be disallowed (Internet zone).
V-46701 Medium Allow binary and script behaviors must be disallowed (Restricted Sites zone).
V-46549 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
V-46663 Medium Java permissions must be disallowed (Locked Down Restricted Sites zone).
V-46665 Medium XAML files must be disallowed (Internet zone).
V-46709 Medium Internet Explorer Processes for MIME handling must be enforced. (Reserved)
V-46553 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (iexplore).
V-46939 Medium Status bar updates via script must be disallowed (Restricted Sites zone).
V-47003 Medium Anti-Malware programs against ActiveX controls must be run for the Local Machine zone.
V-72757 Medium Run once selection for running outdated ActiveX controls must be disabled.
V-47005 Medium Anti-Malware programs against ActiveX controls must be run for the Restricted Sites zone.
V-46475 Medium The Internet Explorer warning about certificate address mismatch must be enforced.
V-47009 Medium Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.
V-46705 Medium Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
V-46473 Medium Turn off Encryption Support must be enabled.
V-46779 Medium Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
V-75169 Medium VBScript must not be allowed to run in Internet Explorer (Internet zone).
V-46715 Medium Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
V-46829 Medium Browser must retain history on exit.
V-46711 Medium Internet Explorer Processes for MIME handling must be enforced (Explorer).
V-46713 Medium Internet Explorer Processes for MIME handling must be enforced (iexplore).
V-46555 Medium Dragging of content from different domains within a window must be disallowed (Restricted Sites zone).
V-46719 Medium Internet Explorer Processes for MIME sniffing must be enforced (iexplore).
V-46903 Medium Status bar updates via script must be disallowed (Internet zone).
V-46907 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).
V-46975 Medium When Enhanced Protected Mode is enabled, ActiveX controls must be disallowed to run in Protected Mode.
V-46981 Medium Dragging of content from different domains across windows must be disallowed (Internet zone).
V-46547 Medium Dragging of content from different domains across windows must be disallowed (Restricted Sites zone).
V-46987 Medium Enhanced Protected Mode functionality must be enforced.
V-72761 Medium Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Internet Zone.
V-75171 Medium VBScript must not be allowed to run in Internet Explorer (Restricted Sites zone).
V-46789 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
V-46787 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
V-46781 Medium Internet Explorer Processes for Restrict File Download must be enforced (iexplore).
V-46799 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-46721 Medium Internet Explorer Processes for MK protocol must be enforced (Reserved).
V-46723 Medium Internet Explorer Processes for MK protocol must be enforced (Explorer).
V-46725 Medium Internet Explorer Processes for MK protocol must be enforced (iexplore).
V-46481 Medium The Download signed ActiveX controls property must be disallowed (Internet zone).
V-46727 Medium Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
V-46483 Medium The Download unsigned ActiveX controls property must be disallowed (Internet zone).
V-46523 Medium Logon options must be configured to prompt (Internet zone).
V-46521 Medium Clipboard operations via script must be disallowed (Internet zone).
V-46525 Medium Java permissions must be configured with High Safety (Intranet zone).
V-46859 Medium Security Warning for unsafe files must be set to prompt (Internet zone).
V-46857 Medium Internet Explorer Processes for Notification Bars must be enforced (Reserved).
V-46853 Medium When uploading files to a server, the local directory path must be excluded (Internet zone).
V-46797 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-46999 Medium Anti-Malware programs against ActiveX controls must be run for the Intranet zone.
V-46997 Medium Anti-Malware programs against ActiveX controls must be run for the Internet zone.
V-46995 Medium The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.
V-46791 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (iexplore).
V-64719 Medium Turn on SmartScreen Filter scan option for the Internet Zone must be enabled.
V-46653 Medium Java permissions must be disallowed (Locked Down Trusted Sites zone).
V-64715 Medium Prevent per-user installation of ActiveX controls must be enabled.
V-64717 Medium Prevent ignoring certificate errors option must be enabled.
V-64711 Medium Prevent bypassing SmartScreen Filter warnings must be enabled.
V-64713 Medium Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet must be enabled.
V-46629 Low Checking for server certificate revocation must be enforced.
V-46477 Low Check for publishers certificate revocation must be enforced.