Site isolation for every site must be enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-235760 | EDGE-00-000047 | SV-235760r960963_rule | CCI-000381 | medium |
| Description | ||||
| The "SitePerProcess" policy can be used to prevent users from opting out of the default behavior of isolating all sites. The "IsolateOrigins" policy can be used to isolate additional, finer-grained origins. Enabling this policy prevents users from opting out of the default behavior where each site runs in its own process. If this policy is disabled or not configured, a user can opt out of site isolation (e.g., by using the "Disable site isolation" entry in edge://flags). Disabling the policy or not configuring the policy does not turn off Site Isolation. | ||||
| STIG | Date | |||
| Microsoft Edge Security Technical Implementation Guide | 2025-05-15 | |||
Details
Check Text (C-235760r960963_chk)
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Enable site isolation for every site" must be set to "enabled".
Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge
If the value for "SitePerProcess" is not set to "REG_DWORD = 1", this is a finding.
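The registry check above can be scripted for repeatable audits. The PowerShell below is an added example, not part of the STIG; the function name `Test-EdgeSitePerProcess` and the fields of its result object are assumptions made for this example. It reports a finding when the key or value is missing, when the value type is not REG_DWORD, or when the data is not 1.

```powershell
# Added example: audit the SitePerProcess policy value named in the check text.
# The function name and result fields are hypothetical, chosen for this example.
function Test-EdgeSitePerProcess {
    [CmdletBinding()]
    param(
        # PowerShell provider form of HKLM\SOFTWARE\Policies\Microsoft\Edge
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    )

    $result = [ordered]@{
        Key     = $KeyPath
        Value   = 'SitePerProcess'
        Kind    = $null
        Data    = $null
        Finding = $true      # assume a finding until the value is proven compliant
        Reason  = $null
    }

    # A missing key means no Edge policies are configured on this machine.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) {
        $result.Reason = 'Policy key does not exist (policy not configured).'
        return [pscustomobject]$result
    }

    # A missing value means this specific policy is not configured.
    if ($key.GetValueNames() -notcontains 'SitePerProcess') {
        $result.Reason = 'SitePerProcess value is absent (policy not configured).'
        return [pscustomobject]$result
    }

    $result.Kind = $key.GetValueKind('SitePerProcess')
    $result.Data = $key.GetValue('SitePerProcess')

    # The check text requires both the type (REG_DWORD) and the data (1).
    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Reason = "Value type is $($result.Kind), expected REG_DWORD."
    }
    elseif ($result.Data -ne 1) {
        $result.Reason = "Value data is $($result.Data), expected 1."
    }
    else {
        $result.Finding = $false
        $result.Reason  = 'SitePerProcess is REG_DWORD = 1.'
    }
    return [pscustomobject]$result
}

Test-EdgeSitePerProcess
```

The function only reads the registry, so it can be run without elevation on a default Windows installation.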
Fix Text (F-38942r626477_fix)
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Enable site isolation for every site" to "enabled".