Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-235760 | EDGE-00-000047 | SV-235760r879587_rule | Medium |
Description |
---|
The "SitePerProcess" policy can be used to prevent users from opting out of the default behavior of isolating all sites. The "IsolateOrigins" policy can be used to isolate additional, finer-grained origins. Enabling this policy prevents users from opting out of the default behavior where each site runs in its own process. If this policy is not disabled or configured, a user can opt out of site isolation (e.g., by using "Disable site isolation" entry in edge://flags.) Disabling the policy or not configuring the policy does not turn off Site Isolation. |
STIG | Date |
---|---|
Microsoft Edge Security Technical Implementation Guide | 2024-02-13 |
Check Text ( C-38979r626476_chk ) |
---|
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Enable site isolation for every site" must be set to "enabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "SitePerProcess" is not set to "REG_DWORD = 1", this is a finding. |
Fix Text (F-38942r626477_fix) |
---|
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Enable site isolation for every site" to "enabled". |