UCF STIG Viewer Logo

Internet Explorer 8 STIG


Overview

Date Finding Count (125)
2014-09-30 CAT I (High): 0 CAT II (Med): 122 CAT III (Low): 3
STIG Description
The Internet Explorer 8 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Registry paths and values identified in each control assume the use of Group Policy Administrative Templates. Installations not using Group Policies to administer Microsoft Browser products may observe alternate registry paths for stored configuration values.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-15500 Medium Allow third-party browser extensions are not disabled.
V-15503 Medium Check for signatures on downloaded programs is not enabled.
V-15502 Medium Check for server certificate revocation is not enabled.
V-15504 Medium Intranet Sites: Include all network paths (UNCs) are disabled.
V-15507 Medium Allow script-initiated windows without size or position constraints for Internet Zone is not disabled.
V-15509 Medium Allow Scriptlets are not disabled.
V-6262 Medium The user Authentication - Logon is not set properly for the Internet Zone.
V-6260 Medium The Allow paste operations via script is not set properly for the Internet Zone.
V-6267 Medium The Java Permissions is not set properly for the Local Zone.
V-22171 Medium Internet Explorer Processes Restrict ActiveX Install (Reserved) property is properly set.
V-15508 Medium Allow script-initiated windows without size or position constraints for Restricted Sites Zone is not disabled.
V-15518 Medium Java permissions for group policy for Trusted Sites Zone are not disabled.
V-15519 Medium Java permissions for group policy for Internet Zone are not disabled.
V-15516 Medium Java permissions for my computer group policy are not disabled.
V-15517 Medium Java permissions for group policy for Local Intranet Zone are not disabled.
V-15515 Medium Java permissions for my computer are not disabled.
V-15513 Medium Automatic prompting for file downloads is not disabled.
V-22108 Medium Turn off Managing SmartScreen Filter property is not properly set.
V-6297 Medium The Access data sources across domains is not set properly for the Restricted Sites Zone.
V-6294 Medium The File download control is not set properly for the Restricted Sites Zone.
V-6295 Medium The Font download control is not set properly for the Restricted Sites Zone.
V-6292 Medium Run ActiveX controls and plug-ins property is not set properly for the Restricted Sites Zone.
V-6293 Medium The Script ActiveX controls marked safe for scripting property is not set properly for the Restricted Sites Zone.
V-6290 Medium The Download unsigned ActiveX controls property is not set properly for the Restricted Sites Zone.
V-6291 Medium The Initialize and script ActiveX controls not marked as safe property is not set properly for the Restricted Sites Zone.
V-6298 Medium The Allow META REFRESH is not set properly for the Restricted Sites Zone.
V-6301 Medium The Drag and drop or copy and paste files is not set properly for the Restricted Sites Zone.
V-15569 Medium Internet Explorer Processes for Zone Elevation is not enabled. (Explorer)
V-15568 Medium Internet Explorer Processes for MK protocol is not enabled. (Reserved)
V-6302 Medium The Installation of desktop items is not set properly for the Restricted Sites Zone.
V-15563 Medium Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools is not disabled.
V-15562 Medium Scripting of Java applets is not disabled.
V-15561 Medium Run .NET Framework-reliant components signed with Authenticode are not disabled.
V-22636 Medium Run .NET Framework-reliant components signed with Authenticode (Internet Zone) property is properly set.
V-15566 Medium Internet Explorer Processes for MIME handling is not enabled. (IExplore)
V-15565 Medium Internet Explorer Processes for MIME handling is not enabled. (Explorer)
V-15564 Medium Turn off configuring the update check interval is not disabled.
V-6281 Medium The Java Permissions is not set properly for the Trusted Sites Zone.
V-6289 Medium The Download signed ActiveX controls property is not set properly for the Restricted Sites Zone.
V-15579 Medium Turn off Crash Detection is not enabled.
V-22688 Medium Internet Explorer Processes Restrict ActiveX Install (IExplorer) property is properly set.
V-15570 Medium Internet Explorer Processes for Zone Elevation is not enabled. (IExplore)
V-15571 Medium Internet Explorer Processes for restricting pop-up windows is not enabled. (Explorer)
V-15572 Medium Internet Explorer Processes for restricting pop-up windows is not enabled. (IExplorer)
V-22687 Medium Internet Explorer Processes Restrict ActiveX Install (Explorer) property is properly set.
V-15525 Medium Turn Off First-Run Opt-In for Internet Zone is not disabled.
V-6304 Medium The Navigate windows and frames across different domains are not set properly for the Restricted Sites Zone.
V-6307 Medium The Userdata persistence is not set properly for the Restricted Sites Zone.
V-22635 Medium Run .NET Framework-reliant components not signed with Authenticode (Internet Zone) property is properly set.
V-22634 Medium Allow status bar updates via script (Internet Zone) property is properly set.
V-22637 Medium Allow Scriptlets (Restricted Sites Zone) property is properly set.
V-6303 Medium The Launching programs and files in IFRAME is not set properly for the Restricted Sites Zone.
V-22638 Medium Allow status bar updates via script (Restricted Sites Zone) property is properly set.
V-6308 Medium The Active scripting is not set properly for the Restricted Sites Zone.
V-6309 Medium The Allow paste operations via script is not set properly for the Restricted Sites Zone.
V-15522 Medium Loose XAML files for Restricted Sites Zone are not disabled.
V-3428 Medium Internet Explorer is configured to allow users to change policies.
V-3429 Medium Internet Explorer is configured to allow users to add/delete sites.
V-3427 Medium Internet Explorer is not configured to require consistent security zone settings to all users.
V-15604 Medium Internet Explorer Processes for MIME sniffing is not enabled. (IExplore)
V-6253 Medium The Allow Drag and drop or copy and paste files is not set properly for the Internet Zone.
V-6250 Medium The Access data sources across domains is not set properly for the Internet Zone.
V-15560 Medium Run .NET Framework-reliant components not signed with Authenticode are not disabled.
V-6256 Medium The Navigate windows and frames across different domains is not set properly for the Internet Zone.
V-6254 Medium The Installation of desktop items is not set properly for the Internet Zone.
V-6255 Medium The Launching programs and files in IFRAME are not set properly for the Internet Zone.
V-6259 Medium The Userdata persistence is not set properly for the Internet Zone.
V-7007 Medium The Java Permissions is not set properly for the Restricted Sites Zone.
V-6311 Medium The User Authentication – Logon is not set properly for the Restricted Sites Zone.
V-15603 Medium Internet Explorer Processes for MIME sniffing is not enabled. (Explorer)
V-22149 Medium Prevent Deleting Web sites that the User has Visited is enabled.
V-22148 Medium Delete Browsing History on exit is disabled.
V-15545 Medium Allow binary and script behaviors are not disabled.
V-15546 Medium Automatic prompting for file downloads is not disabled.
V-6245 Medium The Initialize and script ActiveX controls not marked as safe property is not set properly for the Internet Zone.
V-15549 Medium Internet Explorer Processes for MIME sniffing is not enabled. (Reserved)
V-15548 Medium Internet Explorer Processes for MIME handling is not enabled. (Reserved)
V-15527 Medium Turn on Protected Mode Internet Zone is not enabled.
V-15526 Medium Turn Off First-Run Opt-In for Restricted Sites Zone is not disabled.
V-6243 Medium The Download signed ActiveX controls property is not set properly for the Internet Zone.
V-15524 Medium Open files based on content, not file extension for Restricted Sites Zone is not disabled.
V-15523 Medium Open files based on content, not file extension for Internet Zone is not disabled.
V-6244 Medium The Download unsigned ActiveX controls property is not set properly for the Internet Zone.
V-15521 Medium Loose XAML files for Internet Zone are not disabled.
V-15520 Medium Java permissions for group policy for Restricted Sites Zone are not disabled.
V-6249 Medium The Java Permissions is not set properly for the Internet Zone.
V-6248 Medium The Font download control is not set properly for the Internet Zone.
V-15529 Medium Use Pop-up Blocker for Internet Zone is not enabled.
V-15528 Medium Turn on Protected Mode for Restricted Sites Zone is not enabled.
V-22154 Medium Launching programs and unsafe files property is properly set (Internet Zone).
V-22155 Medium Only allow approved domains to use ActiveX controls without prompt property is properly set (Internet Zone).
V-22156 Medium Turn on Cross-Site Scripting (XSS) Filter property is properly set (Internet Zone).
V-22157 Medium Allow scripting of Internet Explorer web browser control property is properly configured (Restricted Sites Zone).
V-22150 Medium Turn off InPrivate Browsing is enabled.
V-22152 Medium Allow scripting of Internet Explorer web browser control property is set (Internet Zone).
V-22153 Medium Include local directory path when uploading files to a server property is properly set.
V-22158 Medium Include local directory path when uploading files to a server is properly set (Restricted Sites Zone).
V-22159 Medium Launching programs and unsafe files property is properly set (Restricted Sites Zone).
V-15492 Medium Prevent participation in the Customer Experience Improvement Program is not disabled.
V-15490 Medium Automatic configuration of Internet Explorer is not disabled.
V-15497 Medium Allow active content from CDs to run on user machines is not disabled.
V-15494 Medium Turn off the Security Settings Check feature is not disabled.
V-15499 Medium Allow software to run or install even if the signature is invalid is not disabled.
V-15552 Medium Internet Explorer Processes for Zone Elevation is not enabled. (Reserved)
V-15550 Medium Internet Explorer Processes for MK protocol is not enabled. (Explorer)
V-15551 Medium Internet Explorer Processes for MK protocol is not enabled. (IExplore)
V-15556 Medium Internet Explorer Processes for Download prompt is not enabled. (Reserved)
V-15557 Medium Internet Explorer Processes for Download prompt is not enabled. (Explorer)
V-15558 Medium Internet Explorer Processes for Download prompt is not enabled. (IExplore)
V-15559 Medium Internet Explorer Processes for restricting pop-up windows is not enabled. (Reserved)
V-30780 Medium Internet Explorer Processes for Information bars is not enforced (Explorer).
V-30781 Medium Internet Explorer Processes for Information bars is not enforced (IExplore).
V-15534 Medium Web sites in less privileged Web content zones can navigate into Restricted Sites Zone is not disabled.
V-15530 Medium Use Pop-up Blocker for Restricted Sites Zone is not enabled.
V-15533 Medium Web sites in less privileged Web content zones can navigate into Internet Zone is not disabled.
V-22161 Medium Turn on Cross-Site Scripting (XSS) Filter property is properly set (Restricted Sites Zone).
V-22160 Medium Only allow approved domains to use ActiveX controls without prompt property is properly set (Restricted Sites Zone).
V-30777 Medium Automatic checking for Internet Explorer updates is not disabled.
V-30779 Medium Internet Explorer Processes for Information bars are enforced (Reserved).
V-30778 Medium ActiveX opt-in prompt is not disabled.
V-17296 Medium Prevent performance of First Run Customize settings is not enabled.
V-21887 Medium Disable Configuring History - History setting is not set to 40 days.
V-14245 Low Internet Explorer - Do not allow users to enable or disable add-ons.
V-3430 Low Internet Explorer is not configured to disable making Proxy Settings Per Machine.
V-22147 Low Include updated Web site lists from Microsoft is disabled.