Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Extensions that are approved for use must be allowlisted.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-235755 | EDGE-00-000042 | SV-235755r766863_rule | Medium |
| Description |
|---|
| By default, all extensions are allowed. However, if all extensions are blocked by setting the "ExtensionInstallBlockList" policy to "*," users can only install extensions defined in this policy. |
| STIG | Date |
|---|---|
| Microsoft Edge Security Technical Implementation Guide | 2021-06-23 |
Details
| Check Text ( C-38974r766861_chk ) |
|---|
| The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Extensions/Allow specific extensions to be installed" must be set to "Enabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge "ExtensionInstallAllowlist" must be set as follows: HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist\1 = "extension_id1" HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist\2 = "extension_id2" This requirement for "Allow specific extensions to be installed" is not required; this is optional. If configured, the list of extensions for which Microsoft Edge allows to be installed must be allowlisted; otherwise this is a finding. |
| Fix Text (F-38937r766862_fix) |
|---|
| Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Extensions/Allow specific extensions to be installed" to "Enabled". A list of allowlisted extensions may then be specified. |