UCF STIG Viewer Logo

Microsoft Internet Explorer 11 Security Technical Implementation Guide


Overview

Date Finding Count (137)
2022-09-12 CAT I (High): 1 CAT II (Med): 133 CAT III (Low): 3
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-252910 High The version of Internet Explorer running on the system must be a supported version.
V-223073 Medium Internet Explorer must be configured to disallow users to change policies.
V-223072 Medium Internet Explorer must be set to disallow users to add/delete sites.
V-223109 Medium Internet Explorer Processes for MK protocol must be enforced (iexplore).
V-223070 Medium Logon options must be configured and enforced (Restricted Sites zone).
V-223077 Medium The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.
V-223076 Medium Software must be disallowed to run or install with invalid signatures.
V-223075 Medium Security checking features must be enforced.
V-223074 Medium Internet Explorer must be configured to use machine settings.
V-223103 Medium Internet Explorer Processes for MIME handling must be enforced (iexplore).
V-223102 Medium Internet Explorer Processes for MIME handling must be enforced (Explorer).
V-223079 Medium Checking for signatures on downloaded programs must be enforced.
V-223107 Medium Internet Explorer Processes for MK protocol must be enforced (Reserved).
V-223106 Medium Internet Explorer Processes for MIME sniffing must be enforced (iexplore).
V-223105 Medium Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
V-223104 Medium Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
V-223046 Medium The Initialize and script ActiveX controls not marked as safe must be disallowed (Trusted Sites Zone).
V-223044 Medium Turn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled.
V-223045 Medium The Initialize and script ActiveX controls not marked as safe must be disallowed (Intranet Zone).
V-223042 Medium Prevent ignoring certificate errors option must be enabled.
V-223043 Medium Turn on SmartScreen Filter scan option for the Internet Zone must be enabled.
V-223138 Medium When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
V-223041 Medium Prevent per-user installation of ActiveX controls must be enabled.
V-223136 Medium Cross-Site Scripting Filter must be enforced (Internet zone).
V-223137 Medium Scripting of Internet Explorer WebBrowser Control must be disallowed (Restricted Sites zone).
V-223134 Medium ActiveX controls without prompt property must be used in approved domains only (Internet zone).
V-223135 Medium Internet Explorer Processes for Notification Bars must be enforced (iexplore).
V-223132 Medium Security Warning for unsafe files must be set to prompt (Internet zone).
V-223133 Medium Internet Explorer Processes for Notification Bars must be enforced (Explorer).
V-223130 Medium When uploading files to a server, the local directory path must be excluded (Internet zone).
V-223131 Medium Internet Explorer Processes for Notification Bars must be enforced (Reserved).
V-223059 Medium ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
V-223058 Medium ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
V-223048 Medium Run once selection for running outdated ActiveX controls must be disabled.
V-223051 Medium The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).
V-223050 Medium Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Internet Zone.
V-223053 Medium VBScript must not be allowed to run in Internet Explorer (Internet zone).
V-223052 Medium Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Restricted Sites Zone.
V-223055 Medium VBScript must not be allowed to run in Internet Explorer (Restricted Sites zone).
V-223054 Medium The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).
V-223057 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).
V-223121 Medium Scripting of Java applets must be disallowed (Restricted Sites zone).
V-223120 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-223123 Medium Crash Detection management must be enforced.
V-223122 Medium AutoComplete feature for forms must be disallowed.
V-223125 Medium Managing SmartScreen Filter use must be enforced.
V-223124 Medium Turn on the auto-complete feature for user names and passwords on forms must be disabled.
V-223127 Medium Deleting websites that the user has visited must be disallowed.
V-223126 Medium Browser must retain history on exit.
V-223129 Medium Scripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).
V-223128 Medium InPrivate Browsing must be disallowed.
V-223071 Medium Configuring History setting must be set to 40 days.
V-223108 Medium Internet Explorer Processes for MK protocol must be enforced (Explorer).
V-223028 Medium Java permissions must be configured with High Safety (Intranet zone).
V-223029 Medium Anti-Malware programs against ActiveX controls must be run for the Intranet zone.
V-223024 Medium Navigating windows and frames across different domains must be disallowed (Internet zone).
V-223025 Medium Userdata persistence must be disallowed (Internet zone).
V-223026 Medium Clipboard operations via script must be disallowed (Internet zone).
V-223027 Medium Logon options must be configured to prompt (Internet zone).
V-223020 Medium The Java permissions must be disallowed (Internet zone).
V-223021 Medium Accessing data sources across domains must be disallowed (Internet zone).
V-223022 Medium Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
V-223023 Medium Launching programs and files in IFRAME must be disallowed (Internet zone).
V-223040 Medium Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet must be enabled.
V-223060 Medium File downloads must be disallowed (Restricted Sites zone).
V-223139 Medium Security Warning for unsafe files must be disallowed (Restricted Sites zone).
V-223101 Medium Internet Explorer Processes for MIME handling must be enforced. (Reserved)
V-223100 Medium Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
V-223039 Medium Prevent bypassing SmartScreen Filter warnings must be enabled.
V-223038 Medium Anti-Malware programs against ActiveX controls must be run for the Restricted Sites zone.
V-223037 Medium Anti-Malware programs against ActiveX controls must be run for the Internet zone.
V-223036 Medium Dragging of content from different domains within a window must be disallowed (Restricted Sites zone).
V-223035 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (iexplore).
V-223034 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
V-223033 Medium Dragging of content from different domains across windows must be disallowed (Restricted Sites zone).
V-223032 Medium Dragging of content from different domains within a window must be disallowed (Internet zone).
V-223031 Medium Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.
V-223030 Medium Java permissions must be configured with High Safety (Trusted Sites zone).
V-223147 Medium Status bar updates via script must be disallowed (Restricted Sites zone).
V-223146 Medium Scriptlets must be disallowed (Restricted Sites zone).
V-223145 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).
V-223144 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).
V-223143 Medium Status bar updates via script must be disallowed (Internet zone).
V-223142 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
V-223141 Medium Cross-Site Scripting Filter property must be enforced (Restricted Sites zone).
V-223140 Medium ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).
V-223149 Medium Dragging of content from different domains across windows must be disallowed (Internet zone).
V-223148 Medium When Enhanced Protected Mode is enabled, ActiveX controls must be disallowed to run in Protected Mode.
V-250541 Medium Allow Fallback to SSL 3.0 (Internet Explorer) must be disabled.
V-250540 Medium Turn off Encryption Support must be enabled.
V-223061 Medium Java permissions must be disallowed (Restricted Sites zone).
V-223088 Medium Java permissions must be disallowed (Locked Down Intranet zone).
V-223089 Medium Java permissions must be disallowed (Locked Down Trusted Sites zone).
V-223082 Medium Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
V-223083 Medium Scriptlets must be disallowed (Internet zone).
V-223080 Medium All network paths (UNCs) for Intranet sites must be disallowed.
V-223081 Medium Script-initiated windows without size or position constraints must be disallowed (Internet zone).
V-223086 Medium Anti-Malware programs against ActiveX controls must be run for the Local Machine zone.
V-223087 Medium Java permissions must be disallowed (Locked Down Local Machine zone).
V-223084 Medium Automatic prompting for file downloads must be disallowed (Internet zone).
V-223085 Medium Java permissions must be disallowed (Local Machine zone).
V-223068 Medium Active scripting must be disallowed (Restricted Sites Zone).
V-223069 Medium Clipboard operations via script must be disallowed (Restricted Sites zone).
V-223015 Medium The Internet Explorer warning about certificate address mismatch must be enforced.
V-223017 Medium The Download signed ActiveX controls property must be disallowed (Internet zone).
V-223019 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
V-223018 Medium The Download unsigned ActiveX controls property must be disallowed (Internet zone).
V-223099 Medium Allow binary and script behaviors must be disallowed (Restricted Sites zone).
V-223098 Medium Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.
V-223095 Medium Pop-up Blocker must be enforced (Internet zone).
V-223094 Medium Protected Mode must be enforced (Restricted Sites zone).
V-223097 Medium Websites in less privileged web content zones must be prevented from navigating into the Internet zone.
V-223096 Medium Pop-up Blocker must be enforced (Restricted Sites zone).
V-223091 Medium XAML files must be disallowed (Internet zone).
V-223090 Medium Java permissions must be disallowed (Locked Down Restricted Sites zone).
V-223093 Medium Protected Mode must be enforced (Internet zone).
V-223092 Medium XAML files must be disallowed (Restricted Sites zone).
V-223049 Medium Enabling outdated ActiveX controls for Internet Explorer must be blocked.
V-223118 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (iexplore).
V-223119 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-223062 Medium Accessing data sources across domains must be disallowed (Restricted Sites zone).
V-223063 Medium The Allow META REFRESH property must be disallowed (Restricted Sites zone).
V-223064 Medium Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
V-223065 Medium Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
V-223066 Medium Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
V-223067 Medium Userdata persistence must be disallowed (Restricted Sites zone).
V-223110 Medium Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
V-223111 Medium Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
V-223112 Medium Internet Explorer Processes for Zone Elevation must be enforced (iexplore).
V-223113 Medium Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
V-223114 Medium Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
V-223115 Medium Internet Explorer Processes for Restrict File Download must be enforced (iexplore).
V-223116 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
V-223117 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
V-223078 Low Checking for server certificate revocation must be enforced.
V-223056 Low Internet Explorer Development Tools Must Be Disabled.
V-223016 Low Check for publishers certificate revocation must be enforced.