Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-235753 | EDGE-00-000039 | SV-235753r879751_rule | Low |
Description |
---|
Define a list of sites, based on URL patterns that can open pop-up windows. |
STIG | Date |
---|---|
Microsoft Edge Security Technical Implementation Guide | 2024-02-13 |
Check Text ( C-38972r862951_chk ) |
---|
This requirement for "Allow pop-up windows on specific sites" is not required; this is optional. The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Allow pop-up windows on specific sites" must be set to "Enabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge "PopupsAllowedForUrls" must be set as follows: HKLM\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\1 = mydomain.com HKLM\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\2 = myagency.mil If configured, the list of domains for which Microsoft Edge allows pop-ups may be allowlisted. |
Fix Text (F-38935r766856_fix) |
---|
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Allow pop-up windows on specific sites" to "Enabled". A list of allowlisted URLs may be specified here. |