UCF STIG Viewer Logo

Internet Explorer 9 Security Technical Implementation Guide


Overview

Date Finding Count (134)
2015-03-26 CAT I (High): 0 CAT II (Med): 131 CAT III (Low): 3
STIG Description
The Internet Explorer 9 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-15500 Medium Third-party browser extensions must be disallowed.
V-15503 Medium Checking for signatures on downloaded programs must be enforced.
V-15502 Medium Checking for server certificate revocation must be enforced.
V-15504 Medium All network paths (UNCs) for Intranet sites must be disallowed.
V-15507 Medium Script-initiated windows without size or position constraints must be disallowed (Internet zone).
V-15509 Medium Scriptlets must be disallowed (Internet zone).
V-6262 Medium Logon options must be configured to prompt (Internet zone).
V-6260 Medium Clipboard operations via script must be disallowed (Internet zone).
V-6267 Medium Java Permissions must be configured with High Safety (Intranet zone).
V-22171 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
V-15508 Medium Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
V-15518 Medium Java permissions must be disallowed (Locked Down Trusted Sites zone).
V-15519 Medium Java permissions must be disallowed (Locked Down Internet zone).
V-15516 Medium Java permissions must be disallowed (Locked Down Local Machine zone).
V-15517 Medium Java permissions must be disallowed (Locked Down Intranet zone).
V-15515 Medium Java permissions must be disallowed (Local Machine zone).
V-15513 Medium Automatic prompting for file downloads must be disallowed (Internet zone).
V-22108 Medium Managing SmartScreen Filter use must be enforced.
V-6297 Medium Accessing data sources across domains must be disallowed (Restricted Sites zone).
V-6294 Medium File downloads must be disallowed (Restricted Site zone).
V-6295 Medium Font downloads must be disallowed (Restricted Site zone).
V-6292 Medium ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
V-6293 Medium ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
V-6290 Medium The Download unsigned ActiveX controls property must be disallowed (Restricted Site zone).
V-6291 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Site zone).
V-6298 Medium The Allow META REFRESH property must be disallowed (Restricted Sites zone).
V-15581 Medium AutoComplete feature for user names and passwords on forms must be disallowed.
V-6301 Medium Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
V-15569 Medium Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
V-15568 Medium Internet Explorer Processes for MK protocol must be enforced (Reserved).
V-6302 Medium Installation of desktop items must be disallowed (Restricted Sites zone).
V-15563 Medium The URL to be displayed for checking updates to Internet Explorer and Internet Tools must be about:blank.
V-15562 Medium Scripting of Java applets must be disallowed (Restricted Sites zone).
V-15561 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Site Zone).
V-22636 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet Zone).
V-15566 Medium Internet Explorer Processes for MIME handling must be enforced (IExplore).
V-15565 Medium Internet Explorer Processes for MIME handling must be enforced (Explorer).
V-15564 Medium The update check interval must be configured and set to 30 days.
V-6281 Medium The Java Permissions must be set with High Safety (Trusted Sites zone).
V-6289 Medium The Download signed ActiveX controls property must be disallowed (Restricted Site zone).
V-15579 Medium Crash Detection must be enforced.
V-22688 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (IExplore).
V-15570 Medium Internet Explorer Processes for Zone Elevation must be enforced (IExplore).
V-15571 Medium  Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
V-15572 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (IExplore).
V-22687 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
V-15574 Medium AutoComplete feature for forms must be disallowed.
V-15575 Medium External branding feature of Internet Explorer must be disallowed .
V-6238 Medium The IE TLS parameter must be set correctly.
V-6239 Medium The IE warning about certificate address mismatch must be enforced.
V-6243 Medium The Download signed ActiveX controls property must be disallowed (Internet zone).
V-6228 Medium The IE home page is not set to blank or a trusted site.
V-6304 Medium Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
V-6307 Medium Userdata persistence must be disallowed (Restricted Sites zone).
V-22635 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet Zone).
V-22634 Medium Status bar updates via script must be disallowed (Internet zone).
V-22637 Medium Scriptlets must be disallowed (Restricted Site zone).
V-6303 Medium Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
V-22638 Medium Status bar updates via script must be disallowed (Restricted Site zone).
V-6308 Medium Active scripting must be disallowed (Restricted Sites Zone).
V-6309 Medium Clipboard operations via script must be disallowed (Restricted Sites zone).
V-6244 Medium The Download unsigned ActiveX controls property must be disallowed (Internet zone).
V-3428 Medium Internet Explorer must be configured to disallow users to change policies.
V-3429 Medium Internet Explorer must be set to disallow users to add/delete sites.
V-3427 Medium Internet Explorer must be configured to use machine settings.
V-15604 Medium Internet Explorer Processes for MIME sniffing must be enforced (IExplore).
V-6253 Medium Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
V-6250 Medium Accessing data sources across domains must be disallowed (Internet zone).
V-15560 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Site Zone).
V-6256 Medium Navigating windows and frames across different domains must be disallowed (Internet zone).
V-6255 Medium Launching programs and files in IFRAME must be disallowed (Internet zone).
V-6259 Medium Userdata persistence must be disallowed (Internet zone).
V-7007 Medium Java Permissions must be disallowed (Restricted Sites zone).
V-6311 Medium Logon options must be configured and enforced (Restricted Sites zone).
V-15603 Medium Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
V-15528 Medium Protected Mode must be enforced (Restricted Sites zone).
V-22149 Medium Deleting web sites that the user has visited must be disallowed.
V-22148 Medium Browser must retain history on exit.
V-15545 Medium Allow binary and script behaviors must be disallowed (Restricted Sites zone).
V-15546 Medium Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
V-6245 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
V-15549 Medium Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
V-15548 Medium Internet Explorer Processes for MIME handling must be enforced (Reserved).
V-15527 Medium Protected Mode must be enforced (Internet zone).
V-15526 Medium First-Run Opt-In ability must be disallowed (Restricted Sites zone).
V-15525 Medium First-Run Opt-In ability must be disallowed (Internet zone).
V-15524 Medium MIME sniffing must be disallowed (Restricted Sites zone).
V-15523 Medium MIME sniffing must be disallowed (Internet zone).
V-15522 Medium Loose XAML files must be disallowed (Restricted Sites zone).
V-15521 Medium Loose XAML files must be disallowed (Internet zone).
V-15520 Medium Java permissions must be disallowed (Locked Down Restricted Sites zone).
V-6249 Medium The Java Permissions must be disallowed (Internet zone).
V-6248 Medium Font downloads must be disallowed (Internet zone).
V-15529 Medium Pop-up Blocker must be enforced (Internet zone).
V-32808 Medium Check for publishers certificate revocation must be enforced.
V-22154 Medium Launching programs and unsafe files property must be set to prompt (Internet zone).
V-22155 Medium ActiveX controls without prompt property must be used in approved domains only (Internet zone).
V-22156 Medium Cross-Site Scripting (XSS) Filter must be enforced (Internet zone).
V-22157 Medium Scripting of Internet Explorer Web Browser Control must be disallowed (Restricted Sites zone).
V-22150 Medium InPrivate Browsing must be disallowed.
V-22152 Medium Scripting of Internet Explorer web browser control property must be disallowed (Internet zone).
V-22153 Medium When uploading files to a server, the local directory path must be excluded (Internet zone).
V-22158 Medium When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
V-22159 Medium Launching programs and unsafe files property must be set to prompt (Restricted Site zone).
V-15492 Medium Participation in the Customer Experience Improvement Program must be disallowed.
V-15490 Medium Automatic configuration of Internet Explorer must be disallowed.
V-15497 Medium Active content from CDs must be disallowed to run on user machines.
V-15494 Medium Security checking features must be enforced.
V-15499 Medium Software must be disallowed to run or install with invalid signatures.
V-15552 Medium Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
V-15550 Medium Internet Explorer Processes for MK protocol must be enforced (Explorer).
V-15551 Medium Internet Explorer Processes for MK protocol must be enforced (IExplore).
V-15556 Medium Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
V-15557 Medium Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
V-15558 Medium Internet Explorer Processes for Restrict File Download must be enforced (IExplore).
V-15559 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
V-30780 Medium Internet Explorer Processes for notification bars must be enforced (Explorer).
V-30781 Medium Internet Explorer Processes for notification bars must be enforced (IExplore).
V-15534 Medium Web sites in less privileged web content zones must be disallowed to navigate into the Restricted Site zone.
V-15530 Medium Pop-up Blocker must be enforced (Restricted Sites zone).
V-15533 Medium Web sites in less privileged web content zones must be disallowed to navigate into the Internet zone.
V-22161 Medium Cross-Site Scripting (XSS) Filter property must be enforced (Restricted Site zone).
V-22160 Medium ActiveX controls without prompt property must be used in approved domains only (Restricted Site zone).
V-30777 Medium Automatic checking for Internet Explorer updates must be disallowed.
V-30776 Medium Suggested Sites functionality must be disallowed.
V-30775 Medium Browser Geolocation functionality must be disallowed.
V-30774 Medium Add-on performance notifications must be disallowed.
V-30779 Medium Internet Explorer Processes for notification bars must be enforced (Reserved).
V-30778 Medium ActiveX opt-in prompt must be disallowed.
V-17296 Medium First Run Customize settings must be enabled as home page.
V-21887 Medium Configuring History setting must be set to 40 days.
V-14245 Low Ability for users to enable or disable add-ons must be enforced.
V-3430 Low Internet Explorer must be configured to make Proxy settings per user.
V-22147 Low Updates to web site lists from Microsoft must be disallowed.