UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Edge Security Technical Implementation Guide


Overview

Date Finding Count (59)
2024-06-10 CAT I (High): 2 CAT II (Med): 47 CAT III (Low): 10
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-235759 High Edge must be configured to allow only TLS.
V-235758 High The version of Microsoft Edge running on the system must be a supported version.
V-235740 Medium Importing of shortcuts must be disabled.
V-246736 Medium Use of the QUIC protocol must be disabled.
V-235733 Medium Importing of extensions must be disabled.
V-235750 Medium Browser history must be saved.
V-235739 Medium Importing of search engine settings must be disabled.
V-235738 Medium Importing of saved passwords must be disabled.
V-235737 Medium Importing of payment info must be disabled.
V-235736 Medium Importing of open tabs must be disabled.
V-235735 Medium Importing of home page settings must be disabled.
V-235732 Medium Importing of cookies must be disabled.
V-235730 Medium Importing of autofill form data must be disabled.
V-235773 Medium Relaunch notification must be required.
V-235772 Medium Guest mode must be disabled.
V-235771 Medium The Share Experience feature must be disabled.
V-235734 Medium Importing of browsing history must be disabled.
V-235774 Medium The built-in DNS client must be disabled.
V-235754 Medium Extensions installation must be blocklisted by default.
V-235756 Medium The Password Manager must be disabled.
V-235746 Medium Autofill for addresses must be disabled.
V-235745 Medium Autofill for Credit Cards must be disabled.
V-235747 Medium Online revocation checks must be performed.
V-235742 Medium WebUSB must be disabled.
V-235770 Medium The collections feature must be disabled.
V-235728 Medium Network prediction must be disabled.
V-235729 Medium Search suggestions must be disabled.
V-260467 Medium Session only-based cookies must be enabled.
V-260466 Medium Copilot must be disabled.
V-235724 Medium Background processing must be disabled.
V-235725 Medium The ability of sites to show pop-ups must be disabled.
V-235726 Medium The default search provider must be set to use an encrypted connection.
V-235720 Medium Bypassing Microsoft Defender SmartScreen prompts for sites must be disabled.
V-235721 Medium Bypassing of Microsoft Defender SmartScreen warnings about downloads must be disabled.
V-235723 Medium InPrivate mode must be disabled.
V-235760 Medium Site isolation for every site must be enabled.
V-235761 Medium Supported authentication schemes must be configured.
V-235744 Medium Web Bluetooth API must be disabled.
V-235763 Medium Microsoft Defender SmartScreen must be enabled.
V-235764 Medium Microsoft Defender SmartScreen must be configured to block potentially unwanted apps.
V-235743 Medium Google Cast must be disabled.
V-235766 Medium Tracking of browsing activity must be disabled.
V-235767 Medium A website's ability to query for payment methods must be disabled.
V-235768 Medium Suggestions of similar web pages in the event of a navigation error must be disabled.
V-235769 Medium User feedback must be disabled.
V-235741 Medium Autoplay must be disabled.
V-235748 Medium Personalization of ads, search, and news by sending browsing history to Microsoft must be disabled.
V-235749 Medium Site tracking of a user’s location must be disabled.
V-260465 Medium Visual Search must be disabled.
V-235752 Low Download restrictions must be configured.
V-235755 Low Extensions that are approved for use must be allowlisted if used.
V-235731 Low Importing of browser settings must be disabled.
V-251694 Low The list of domains media autoplay allows must be allowlisted if used.
V-235719 Low User control of proxy settings must be disabled.
V-235753 Low URLs must be allowlisted for plugin use if used.
V-235765 Low The download location prompt must be configured.
V-235727 Low Data Synchronization must be disabled.
V-235722 Low The list of domains for which Microsoft Defender SmartScreen will not trigger warnings must be allowlisted if used.
V-235751 Low Edge development tools must be disabled.