Site isolation for every site must be enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-235760 | EDGE-00-000047 | SV-235760r960963_rule | CCI-000381 | medium |
| Description |
| The "SitePerProcess" policy can be used to prevent users from opting out of the default behavior of isolating all sites. The "IsolateOrigins" policy can be used to isolate additional, finer-grained origins. Enabling this policy prevents users from opting out of the default behavior where each site runs in its own process. If this policy is disabled or not configured, a user can opt out of site isolation (e.g., by using the "Disable site isolation" entry in edge://flags). Disabling the policy or not configuring the policy does not turn off Site Isolation. |
| STIG | Date |
| Microsoft Edge Security Technical Implementation Guide | 2025-05-15 |
Related Frameworks
3 paths across 3 frameworks
NIST 800-53 (1 mapping)
CM-7
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171 (1 mapping)
3.4.6
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI (1 mapping)
CCI-000381
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-235760r960963_chk)
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Enable site isolation for every site" must be set to "enabled".
Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge
If the value for "SitePerProcess" is not set to "REG_DWORD = 1", this is a finding.
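The check above can be scripted so that a missing key, a missing value, a wrong value type and wrong data are reported separately. This PowerShell function is an added example, not part of the STIG; the function name and the output object are assumptions, while the key, value name and expected data are taken from the check text.

```powershell
# Added example: audit of the Check Text above. The function name and the
# output object shape are assumptions; the key, value name and expected data
# come from the check text.
function Test-EdgeSitePerProcess {
    [CmdletBinding()]
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    )

    $name   = 'SitePerProcess'
    $result = [ordered]@{
        FindingId = 'V-235760'
        Key       = $KeyPath
        Value     = $name
        Kind      = $null
        Data      = $null
        Status    = 'Finding'      # default until proven compliant
        Reason    = $null
    }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        $result.Reason = 'Policy key does not exist (policy not configured).'
    }
    elseif ($key.GetValueNames() -notcontains $name) {
        $result.Reason = 'Value is absent (policy not configured).'
    }
    else {
        $result.Kind = $key.GetValueKind($name)
        $result.Data = $key.GetValue($name)
        if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            # e.g. a REG_SZ "1" written by a script does not satisfy the check
            $result.Reason = "Value type is $($result.Kind), expected REG_DWORD."
        }
        elseif ($result.Data -ne 1) {
            $result.Reason = "Data is $($result.Data), expected 1."
        }
        else {
            $result.Status = 'NotAFinding'
            $result.Reason = 'SitePerProcess is REG_DWORD = 1.'
        }
    }
    [pscustomobject]$result
}

Test-EdgeSitePerProcess
```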
Fix Text (F-38942r626477_fix)
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Enable site isolation for every site" to "enabled".