| V-6227 | High | The installed version of IE must be a supported version. | Unsupported versions are no longer being evaluated or updated for security related issues. |
| V-6268 | Medium | The Access data sources across domains is not set properly for the Local Zone. | The user must know when data access crosses sources to ensure the data is being received from a source that is known. |
| V-6263 | Medium | The Download signed ActiveX controls property is not set properly for the Local Zone. | Active X controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites. |
| V-6262 | Medium | The user Authentication - Logon is not set properly for the Internet Zone. | Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites. |
| V-6261 | Medium | The Scripting of Java applets is not set properly for the Internet Zone. | Java Applets must have level of protection based upon the site being accessed. |
| V-6260 | Medium | The Allow paste operations via script is not set properly for the Internet Zone. | Allow paste operations via script must have level of protection based upon the site being accessed. |
| V-6267 | Medium | The Java Permissions is not set properly for the Local Zone. | Java must have level of protection based upon the site being browsed.
|
| V-6266 | Medium | The Script ActiveX controls marked safe for scripting property is not set properly for the Local Zone. | ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a
complete security measure for a control to be marked safe for scripting, if a control is... |
| V-6265 | Medium | The Initialize and script ActiveX controls not marked as safe property is not set properly for the Local Zone. | ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a
complete security measure for a control to be marked safe for scripting, if a control is... |
| V-6264 | Medium | The Download unsigned ActiveX controls property is not set properly for the Local Zone. | ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed. |
| V-6297 | Medium | The Access data sources across domains is not set properly for the Restricted Sites Zone. | The restricted zones is used for MS Outlook. This zone must be set properly to ensure Outlook is secured. |
| V-6294 | Medium | The File download control is not set properly for the Restricted Sites Zone. | Files should not be able to be downloaded from sites that are considered restricted. |
| V-6295 | Medium | The Font download control is not set properly for the Restricted Sites Zone. | Download of fonts can sometimes contain malicious code. Files should not be downloaded from restricted sites. |
| V-6292 | Medium | Run ActiveX controls and plug-ins property is not set properly for the Restricted Sites Zone. | ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a
complete security measure for a control to be marked safe for scripting, if a control is... |
| V-6293 | Medium | The Script ActiveX controls marked safe for scripting property is not set properly for the Restricted Sites Zone. | ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a
complete security measure for a control to be marked safe for scripting, if a control is... |
| V-6290 | Medium | The Download unsigned ActiveX controls property is not set properly for the Restricted Sites Zone. | ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed. |
| V-6291 | Medium | The Initialize and script ActiveX controls not marked as safe property is not set properly for the Restricted Sites Zone. | ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a
complete security measure for a control to be marked safe for scripting, if a control is... |
| V-6298 | Medium | The Allow META REFRESH is not set properly for the Restricted Site Zone. | Allow META REFRESH must have level of protection based upon the site being browsed. |
| V-6299 | Medium | The Display mixed content is not set properly for the Restricted Sites Zone. | Mixed content poses a risk when coming from a restricted site. |
| V-6285 | Medium | The Launching programs and files in IFRAME is not set properly for the Trusted Sites Zone. | Launching of programs in IFRAME must have level of protection based upon the site being accessed. |
| V-6284 | Medium | The Installation of desktop items is not set properly for the Trusted Sites Zone. | Installation of items must have level of protection based upon the site being accessed. |
| V-6287 | Medium | The Allow paste operations via script is not set properly for the Trusted Sites Zone. | Allow paste operations via script must have level of protection based upon the site being accessed. |
| V-6286 | Medium | The Software channel permissions is not set properly for the Trusted Sites Zone. | The Software channel permissions must have level of protection based upon the site being accessed. |
| V-6281 | Medium | The Java Permissions is not set properly for the Trusted Sites Zone. | Java must have level of protection based upon the site being browsed. |
| V-6280 | Medium | The ActiveX controls marked safe for scripting property is not set properly for the Trusted Sites Zone. | ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a
complete security measure for a control to be marked safe for scripting, if a control is... |
| V-6283 | Medium | The Don't prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Trusted Sites Zone. | Client certificates should not be presented to web sites without the user's acknowledgement. |
| V-6282 | Medium | The Access data sources across domains is not set properly for the Trusted Sites Zone. | Access data sources across domains must have level of protection based upon the site being accessed. |
| V-6289 | Medium | The Download signed ActiveX controls property is not set properly for the Restricted Sites Zone. | ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites. |
| V-6288 | Medium | The User Authentication - Logon is not set properly for the Trusted Sites Zone. | Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites.
|
| V-6238 | Medium | The Internet Explorer SSL/TLS parameter must be set correctly. | This parameter ensures SSL and TLS are able to be used from the browser. |
| V-6239 | Medium | The IE warning of invalid certificates parameter is not set correctly | This parameter warns users if the certifcate being presented by the web site is invalid. Since server certificates are used to validate the identity of the web server it is critical to warn the... |
| V-6230 | Medium | The IE Trusted sites zone security parameter is set incorrectly. | The Trusted sites zone must be set to custom level so the other required settings for the zone can take effect. |
| V-6231 | Medium | The IE Internet zone security parameter is set incorrectly. | The Internet zone must be set to custom level so the other required settings for the zone can take effect. |
| V-6232 | Medium | The IE Restricted sites zone security parameter is set incorrectly. | The Restricted sites zone must be set to custom level so the other required settings for the zone can take effect. |
| V-6233 | Medium | The IE Local zone includes parameter is not set correctly. | This parameter controls which sites are by default in the local zone. Since this is the least restrictive zone these settings ensure that sites are not included in this zone by default. |
| V-6234 | Medium | The IE third party cookies parameter is not set correctly. | This parameter ensures that third party cookies are blocked. Third party cookies come from a site other than the site being browsed. Since these cross sites, the storing unwanted data or allowing... |
| V-6236 | Medium | The IE signature checking parameter is not set correctly. | This parameter will ensure digital signatures are checked on downloaded programs. |
| V-6237 | Medium | The IE save encrypted pages to disk parameter is not set correctly. | This parameter ensures pages using SSL or TLS are not cached to the local drive. This ensures sensitive data from a web site does not remain on the machine that is not properly protected. |
| V-6229 | Medium | IE Local zone security parameter is set incorrectly. | The Local zone must be set to custom level so the other required settings for the zone can take effect. |
| V-6228 | Medium | The IE home page is not set to blank or a trusted site. | By setting this parameter appropriately, a malicious web site will not be automatically loaded into a browser which may contain mobile code. |
| V-6304 | Medium | The Navigate sub-frames across different domains is not set properly for the Restricted Sites Zone. | Frames that navigate across different domains are a security concern because the user may think they are accessing pages on one site while they are actually accessing pages on another site.
|
| V-6305 | Medium | The Software channel permissions is not set properly for the Restricted Sites Zone. | Software channel permissions must have level of protection based upon the site being accessed. |
| V-6306 | Medium | The Submit non-encrypted form data is not set properly for the Restricted Sites Zone. | Submit non-encrypted form data must have level of protection based upon the site being accessed. |
| V-6307 | Medium | The Userdata persistence is not set properly for the Restricted Sites Zone. | No perseistant data should exist and be used in the Restricted sites zone. |
| V-6300 | Medium | The Don’t prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Restricted Sites Zone. | Client certificates should not be presented to web sites without the user's acknowledgement. |
| V-6301 | Medium | The Drag and drop or copy and paste files is not set properly for the Restricted Sites Zone. | Drag and Drop of files must have level of protection based upon the site being accessed. |
| V-6302 | Medium | The Installation of desktop items is not set properly for the Restricted Sites Zone. | Installation of items must have level of protection based upon the site being accessed. |
| V-6303 | Medium | The Launching programs and files in IFRAME is not set properly for the Restricted Sites Zone. | Launching of programs in IFRAME must have level of protection based upon the site being accessed. |
| V-16879 | Medium | The Download signed ActiveX controls property is not set properly for the Lockdown Zone. | This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user... |
| V-6308 | Medium | The Active scripting is not set properly for the Restricted Sites Zone. | Active Scripting must have level of protection based upon the site being accessed. |
| V-6309 | Medium | The Allow paste operations via script is not set properly for the Restricted Sites Zone. | The Allow paste operations via script must have level of protection based upon the site being browsed. |
| V-3428 | Medium | Internet Explorer is configured to Allow Users to Change Policies. | This setting prevents users from changing the Internet Explorer policies on the machine. Policy changes should be made by Administrators only, so this setting should be Enabled. |
| V-3429 | Medium | Internet Explorer is configured to Allow Users to Add/Delete Sites. | This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system. |
| V-3427 | Medium | Internet Explorer is not configured to require consistent security zone settings to all users. | This setting enforces consistent security zone settings to all users of the computer. Security Zones control browser behavior at various web sites and it is desirable to maintain a consistent... |
| V-6252 | Medium | The Don't prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Internet Zone. | Client certificates should not be presented to web sites without the user's acknowledgement. |
| V-6253 | Medium | The Allow Drag and drop or copy and paste files is not set properly for the Internet Zone. | Drag and Drop or copy and paste files must have level of protection based upon the site being accessed. |
| V-6250 | Medium | The Access data sources across domains is not set properly for the Internet Zone. | Access to data sources across multiple domains must be controlled based upon the site being browsed. |
| V-6251 | Medium | The Display mixed content is not set properly for the Internet Zone. | Display mixed content must have level of protection based upon the site being browsed. |
| V-6256 | Medium | The Navigate sub-frames across different domains is not set properly for the Internet Zone. | Frames that navigate across different domains are a security concern because the user may think they are accessing pages on one site while they are actually accessing pages on another site. |
| V-6257 | Medium | The Software channel permissions is not set properly for the Internet Zone. | Software Channel permissions must have level of protection based upon the site being accessed. |
| V-6254 | Medium | The Installation of desktop items is not set properly for the Internet Zone. | Installation of items must have level of protection based upon the site being accessed. |
| V-6255 | Medium | The Launching programs and files in IFRAME is not set properly for the Internet Zone. | Launching of programs in IFRAME must have level of protection based upon the site being accessed. |
| V-6258 | Medium | The Submit non-encrypted form data is not set properly for the Internet Zone. | The user needs to be prompted before sending information from a browser that is not encrypted. |
| V-6259 | Medium | The Userdata persistence is not set properly for the Internet Zone. | Userdata persistence must have level of protection based upon the site being accessed. |
| V-7006 | Medium | The IE search parameter is not set correctly. | This parameter ensures automatic searches are not performed from the address bar. When a web site is not found and searching is performed, potentially malicious or unsuited sites may be displayed. |
| V-7007 | Medium | The Java Permissions is not set properly for the Restricted Sites Zone. | Java must have level of protection based upon the site being browsed. |
| V-6313 | Medium | The Cipher setting for DES 56/56 is not set properly. | This cipher setting controls the behavior of the DES 56/56 encryption algorthm. |
| V-6312 | Medium | The Microsoft Java VM is installed. | This software is no longer being support and should be removed. |
| V-6311 | Medium | The User Authentication – Logon is not set properly for the Restricted Sites Zone. | Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites.
|
| V-6310 | Medium | The Scripting of Java applets is not set properly for the Restricted Sites Zone. | The Scripting of Java applets must have level of protection based upon the site being accessed. |
| V-6317 | Medium | IE is not capable to use 128-bit encryption. | IE must be enabled to use 128 bit encryption. This will lead to stronger encryption when supported by the web server for SSL connections. |
| V-6316 | Medium | The Hash setting for SHA is not set properly. | This ensures that the Hash value for SHA is enabled. |
| V-6315 | Medium | The Cipher setting for Triple DES is not set properly. | This enables the Triple Des cipher. |
| V-6314 | Medium | The Cipher setting for Null is not set properly. | This controls the behavior of the Null cipher. |
| V-6319 | Medium | The Error Reporting tool for IE is installed or enabled. | An error reporting tool may send sensitive data to a vendor. |
| V-3431 | Medium | Internet Explorer is configured to allow Automatic Install of components. | This setting controls the ability of Internet Explorer to automatically install components if it goes to a site that requires components that are not currently installed. The System Administrator... |
| V-3432 | Medium | Internet Explorer is configured to automatically check for updates. | This setting determines whether or not Internet Explorer will periodically check the Microsoft web sites to determine if there are updates to Internet Explorer available. The SA should manually... |
| V-6241 | Medium | The IE form redirect parameter is not set correctly. | This parameter warns the user that input from the form is being redirected to another web site. Since the form may contain sensitive data the user must be warned that the data is not being... |
| V-6240 | Medium | The IE changing zones parameter is not set correctly. | This parameter warns the user when changing between zones. This conveys important information to the user so the user is reminded that the zone has changed and the possiblity the type of data to... |
| V-6243 | Medium | The Download signed ActiveX controls property is not set properly for the Internet Zone. | Active X controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites. |
| V-6242 | Medium | Users can change the advanced settings in IE. | Since most of the IE settings can be changed through the GUI, it is important to ensure that user's cannot change these settings. Some settings will restrict users from visiting certain sites or... |
| V-6245 | Medium | The Initialize and script ActiveX controls not marked as safe property is not set properly for the Internet Zone. | ActiveX controls that are not marked safe scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not... |
| V-6244 | Medium | The Download unsigned ActiveX controls property is not set properly for the Internet Zone. | Active X controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed.
|
| V-6246 | Medium | The Script ActiveX controls marked safe for scripting property is not set properly for the Internet Zone. | ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not... |
| V-6249 | Medium | The Java Permissions is not set properly for the Internet Zone. | Java must have level of protections based upon the site being browsed. |
| V-6248 | Medium | The Font download control is not set properly for the Internet Zone. | Download of fonts can sometimes contain malicious code. |
| V-32808 | Medium | Check for publishers certificate revocation is enforced. | Check for publisher's certificate revocation options should be enforced to ensure all PKI signed objects are validated. |
| V-6278 | Medium | The Download unsigned ActiveX controls property is not set properly for the Trusted Sites Zone. | ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed. |
| V-6279 | Medium | The Initialize and script ActiveX controls not marked as safe property is not set properly for the Trusted Sites Zone. | ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a
complete security measure for a control to be marked safe for scripting, if a control is... |
| V-6274 | Medium | The Software channel permissions is not set properly for the Local Zone. | Software channel permissions must have level of protection based upon the site being accessed. |
| V-6275 | Medium | The Allow paste operations via script is not set properly for the Local Zone. | The Allow paste operations via script must have level of protection based upon the site being accessed. |
| V-6276 | Medium | The User Authentication - Logon is not set properly for the Local Zone. | Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites. |
| V-6277 | Medium | The Download signed ActiveX controls property is not set properly for the Trusted Sites Zone. | ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed. |
| V-6271 | Medium | The Don't prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Local Zone. | Client certificates should not be presented to web sites without the user's acknowledgement. |
| V-6272 | Medium | The Installation of desktop items is not set properly for the Local Zone. | Installation of items must have level of protection based upon the site being accessed. |
| V-6273 | Medium | The Launching programs and files in IFRAME is not set properly for the Local Zone. | Launching of programs in IFRAME must have level of protection based upon the site being accessed. |
| V-3430 | Low | Internet Explorer is not configured to disable making Proxy Settings Per Machine. | This setting controls whether or not the Internet Explorer proxy settings are configured on a per-user or per-machine basis. |
| V-3433 | Low | Internet Explorer is configured to notify users when programs are modified through the software distribution channel. | Microsoft Internet Explorer now supports a software distribution channel that may be used to update software installed on a machine. If this setting is enabled, users will not be notified when... |
