{
"stig": {
"date": "2014-12-17",
"description": "None",
"findings": {
"V-16879": {
"checkid": "C-17467r1_chk",
"checktext": "The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Internet Zone -> \"Download signed ActiveX controls\" will be set to \u201cEnabled\u201d and \"Disable\" selected from down drop box.\n\nProcedure: Use the Windows Registry Editor to navigate to the following key: \n\nHKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3\n\nCriteria: If the value 1001 is REG_DWORD = 3, this is not a finding.\n",
"description": "This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.",
"fixid": "F-16726r1_fix",
"fixtext": "The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Locked-Down Internet Zone -> \"Download signed ActiveX controls\" will be set to \u201cEnabled\u201d and \"Disable\" selected from down drop box.\n\nProcedure: Use the Windows Registry Editor to navigate to the following key: \n\nHKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3\n\nCriteria: Set the value 1001 to REG_DWORD = 3.\n",
"iacontrols": [
"DCMC-1"
],
"id": "V-16879",
"ruleID": "SV-17879r1_rule",
"severity": "medium",
"title": "The Download signed ActiveX controls property is not set properly for the Lockdown Zone.",
"version": "DTBI025"
},
"V-32808": {
"checkid": "C-41148r3_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key:\n \nHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing\n\nCriteria: If the value State is REG_DWORD = 65536 (decimal), this is not a finding.\n",
"description": "Check for publisher's certificate revocation options should be enforced to ensure all PKI signed objects are validated.",
"fixid": "F-36696r7_fix",
"fixtext": "Change the registry key\nHKEY_CURRENT_USER\\Software\\Microsoft\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing to 65536. \n\n \n",
"iacontrols": [
"ECSC-1"
],
"id": "V-32808",
"ruleID": "SV-43160r2_rule",
"severity": "medium",
"title": "Check for publishers certificate revocation is enforced.",
"version": "DTBI018"
},
"V-3427": {
"checkid": "C-1745r1_chk",
"checktext": "If the following registry value doesn\u2019t exist or is not configured as specified this is a finding:\n\nRegistry Hive: HKEY_LOCAL_MACHINE\nSubkey: \\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\\n\nValue Name:\t Security_HKLM_only\n\nType: REG_DWORD\nValue: 1\n",
"description": "This setting enforces consistent security zone settings to all users of the computer. Security Zones control browser behavior at various web sites and it is desirable to maintain a consistent policy for all users of a machine.",
"fixid": "F-5909r1_fix",
"fixtext": "Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer \u201cSecurity Zones: Use only machine settings\u201d to \u201cEnabled\u201d. ",
"iacontrols": [
"ECSC-1"
],
"id": "V-3427",
"ruleID": "SV-3427r1_rule",
"severity": "medium",
"title": "Internet Explorer is not configured to require consistent security zone settings to all users.",
"version": "DTBI320"
},
"V-3428": {
"checkid": "C-1746r1_chk",
"checktext": "If the following registry value doesn\u2019t exist or is not configured as specified, this is a finding:\n\nRegistry Hive: HKEY_LOCAL_MACHINE\nSubkey: \\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\\n\nValue Name: Security_Options_Edit\n\nType: REG_DWORD\nValue: 1\n",
"description": "This setting prevents users from changing the Internet Explorer policies on the machine. Policy changes should be made by Administrators only, so this setting should be Enabled.",
"fixid": "F-5910r1_fix",
"fixtext": "Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer \u201cSecurity Zones: Do Not Allow Users to Change Policies\u201d to \u201cEnabled\u201d.",
"iacontrols": [
"ECSC-1"
],
"id": "V-3428",
"ruleID": "SV-3428r1_rule",
"severity": "medium",
"title": "Internet Explorer is configured to Allow Users to Change Policies.",
"version": "DTBI319"
},
"V-3429": {
"checkid": "C-1748r1_chk",
"checktext": "If the following registry value doesn\u2019t exist or is not configured as specified, this is a finding:\n\nRegistry Hive: HKEY_LOCAL_MACHINE\nSubkey: \\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\\n\nValue Name:\t Security_Zones_Map_Edit\n\nType: REG_DWORD\nValue: 1\n",
"description": "This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system.",
"fixid": "F-5911r1_fix",
"fixtext": "Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer \u201cSecurity Zones: Do Not Allow Users to Add/Delete Sites\u201d to \u201cEnabled\u201d.",
"iacontrols": [
"ECSC-1"
],
"id": "V-3429",
"ruleID": "SV-3429r1_rule",
"severity": "medium",
"title": "Internet Explorer is configured to Allow Users to Add/Delete Sites.",
"version": "DTBI318"
},
"V-3430": {
"checkid": "C-1749r1_chk",
"checktext": "Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer \u201cMake proxy settings per-machine (rather than per user)\u201d to \u201cDisabled\u201d.\n\nProcedure: Use the Windows Registry Editor to navigate to the following key: \n\nHKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\\n\nCriteria: If the value ProxySettingsPerUser is REG_DWORD = 1, this is not a finding.\n",
"description": "This setting controls whether or not the Internet Explorer proxy settings are configured on a per-user or per-machine basis.",
"fixid": "F-5912r1_fix",
"fixtext": "Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer \u201cMake proxy settings per-machine (rather than per user)\u201d to \u201cDisabled\u201d.\n\nProcedure: Use the Windows Registry Editor to navigate to the following key: \n\nHKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\\n\nCriteria: Set the value ProxySettingsPerUser to REG_DWORD = 1.\n",
"iacontrols": [
"ECSC-1"
],
"id": "V-3430",
"ruleID": "SV-3430r1_rule",
"severity": "low",
"title": "Internet Explorer is not configured to disable making Proxy Settings Per Machine.",
"version": "DTBI367"
},
"V-3431": {
"checkid": "C-1753r1_chk",
"checktext": "If the following registry value doesn\u2019t exist or is not configured as specified, this is a finding:\n\nRegistry Hive: HKEY_LOCAL_MACHINE\nSubkey: \\Software\\Policies\\Microsoft\\Internet Explorer\\InfoDelivery\\Restrictions\\\n\nValue Name:\tNoJITSetup\n\nType: REG_DWORD\nValue: 1\n",
"description": "This setting controls the ability of Internet Explorer to automatically install components if it goes to a site that requires components that are not currently installed. The System Administrator should install all components on the system. If additional components are necessary, the user should inform the SA and have the SA install the components.",
"fixid": "F-5913r1_fix",
"fixtext": "Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer \u201cDisable Automatic Install of Internet Explorer components\u201d to \u201cEnabled\u201d.",
"iacontrols": [
"DCSL-1"
],
"id": "V-3431",
"ruleID": "SV-3431r1_rule",
"severity": "medium",
"title": "Internet Explorer is configured to allow Automatic Install of components.",
"version": "DTBI316"
},
"V-3432": {
"checkid": "C-1767r1_chk",
"checktext": "If the following registry value doesn\u2019t exist or is not configured as specified, this is a finding:\n\nRegistry Hive: HKEY_LOCAL_MACHINE\nSubkey: \\Software\\Policies\\Microsoft\\Internet Explorer\\InfoDelivery\\Restrictions\\\n\nValue Name: NoUpdateCheck\n\nType: REG_DWORD\nValue: 1\n",
"description": "This setting determines whether or not Internet Explorer will periodically check the Microsoft web sites to determine if there are updates to Internet Explorer available. The SA should manually install all updates on a system so that configuration control is maintained.",
"fixid": "F-5914r1_fix",
"fixtext": "Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer \u201cDisable Periodic Check for Internet Explorer Software Updates\u201d to \u201cEnabled\u201d.",
"iacontrols": [
"DCSL-1"
],
"id": "V-3432",
"ruleID": "SV-3432r1_rule",
"severity": "medium",
"title": "Internet Explorer is configured to automatically check for updates.",
"version": "DTBI317"
},
"V-3433": {
"checkid": "C-1771r1_chk",
"checktext": "If the following registry value exists and its value is not set to 1, then this is a finding:\n\nRegistry Hive:\tHKEY_LOCAL_MACHINE\nSubkey: \\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\\nValue Name:\tNoMSAppLogo5ChannelNotify\nType: \t\tREG_DWORD\nValue: \t\t1 \n",
"description": "Microsoft Internet Explorer now supports a software distribution channel that may be used to update software installed on a machine. If this setting is enabled, users will not be notified when programs are modified through the software distribution channel. This allows administrators to update workstations without user intervention.",
"fixid": "F-5915r1_fix",
"fixtext": "Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer \u201cDisable Software Update Shell Notifications on Program Launch\u201d to \u201cEnabled\u201d.",
"iacontrols": [
"ECSC-1"
],
"id": "V-3433",
"ruleID": "SV-3433r1_rule",
"severity": "low",
"title": "Internet Explorer is configured to notify users when programs are modified through the software distribution channel.",
"version": "DTBI137"
},
"V-6227": {
"checkid": "C-163r3_chk",
"checktext": "Procedure: Open Internet Explorer, Select Help, Select About.\n\nCriteria: If the version number of Internet Explorer is any version of Internet Explorer 6, this is a Finding.\n\nNote: The end of life for Internet Explorer 6 running on a Windows 2003r2 server is July 14, 2015.",
"description": "Unsupported versions are no longer being evaluated or updated for security related issues.",
"fixid": "F-128r1_fix",
"fixtext": "Upgrade to the supported software version.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6227",
"ruleID": "SV-6277r3_rule",
"severity": "high",
"title": "The installed version of IE must be a supported version.",
"version": "DTBG003"
},
"V-6228": {
"checkid": "C-170r2_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Internet Explorer\\Main\n\nCriteria: If the value Start Page is about:blank or a trusted site this is not a finding. \n",
"description": "By setting this parameter appropriately, a malicious web site will not be automatically loaded into a browser which may contain mobile code.",
"fixid": "F-131r2_fix",
"fixtext": "Change Start Page value to about:blank or a trusted site.",
"iacontrols": [
"DCMC-1"
],
"id": "V-6228",
"ruleID": "SV-6278r3_rule",
"severity": "medium",
"title": "The IE home page is not set to blank or a trusted site.",
"version": "DTBI001"
},
"V-6229": {
"checkid": "C-175r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value Currrentlevel is 0, this is not a finding.\n",
"description": "The Local zone must be set to custom level so the other required settings for the zone can take effect.",
"fixid": "F-135r1_fix",
"fixtext": "Change the value of registry HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1 to Currentlevel is 0",
"iacontrols": [
"DCMC-1"
],
"id": "V-6229",
"ruleID": "SV-6279r1_rule",
"severity": "medium",
"title": "IE Local zone security parameter is set incorrectly.",
"version": "DTBI002"
},
"V-6230": {
"checkid": "C-176r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value Currrentlevel is 0, this is not a finding. \n",
"description": "The Trusted sites zone must be set to custom level so the other required settings for the zone can take effect.",
"fixid": "F-136r1_fix",
"fixtext": "Change value of registry HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2 to Currentlevel is 0",
"iacontrols": [
"DCMC-1"
],
"id": "V-6230",
"ruleID": "SV-6280r1_rule",
"severity": "medium",
"title": "The IE Trusted sites zone security parameter is set incorrectly.",
"version": "DTBI003"
},
"V-6231": {
"checkid": "C-177r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value Currrentlevel is 0, this is not a finding.\n",
"description": "The Internet zone must be set to custom level so the other required settings for the zone can take effect.",
"fixid": "F-137r1_fix",
"fixtext": "Change the value of registry HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3 to Currentlevel is 0.",
"iacontrols": null,
"id": "V-6231",
"ruleID": "SV-6281r1_rule",
"severity": "medium",
"title": "The IE Internet zone security parameter is set incorrectly.",
"version": "DTBI004"
},
"V-6232": {
"checkid": "C-178r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value Currrentlevel is 0, this is not a finding. \n",
"description": "The Restricted sites zone must be set to custom level so the other required settings for the zone can take effect.",
"fixid": "F-138r1_fix",
"fixtext": "Change the value of registry HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4 to Currentlevel is 0.",
"iacontrols": [
"DCMC-1"
],
"id": "V-6232",
"ruleID": "SV-6282r1_rule",
"severity": "medium",
"title": "The IE Restricted sites zone security parameter is set incorrectly.",
"version": "DTBI005"
},
"V-6233": {
"checkid": "C-179r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value Flags is less than or equal to 0x43 (hex) or 67 (Dec), this is not a finding. \n",
"description": "This parameter controls which sites are by default in the local zone. Since this is the least restrictive zone these settings ensure that sites are not included in this zone by default.",
"fixid": "F-139r1_fix",
"fixtext": "Change the value of registry key HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1 to Flags is 0x43.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6233",
"ruleID": "SV-6283r1_rule",
"severity": "medium",
"title": "The IE Local zone includes parameter is not set correctly.",
"version": "DTBI006"
},
"V-6234": {
"checkid": "C-180r1_chk",
"checktext": "Procedure: From the Tools/Internet Options dialog, Select the Privacy tab and click the Advanced button.\n\n\nCriteria: If the Third-party Cookies are not configured to Block, this is a finding. \n",
"description": "This parameter ensures that third party cookies are blocked. Third party cookies come from a site other than the site being browsed. Since these cross sites, the storing unwanted data or allowing data to be retrieved later via the cookie is of greater concern for malicious activity.",
"fixid": "F-140r1_fix",
"fixtext": "Under Tools/Internet Options, select the Privacy Tab and click the Advanced button. Change third party cookies to blocked.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6234",
"ruleID": "SV-6284r1_rule",
"severity": "medium",
"title": "The IE third party cookies parameter is not set correctly.",
"version": "DTBI007"
},
"V-6236": {
"checkid": "C-192r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Internet Explorer\\Download\n\nCriteria: If the value CheckExeSignatures is yes, this is not a finding. \n",
"description": "This parameter will ensure digital signatures are checked on downloaded programs.",
"fixid": "F-151r1_fix",
"fixtext": "Change the value of registry key HKCU\\Software\\Microsoft\\Internet Explorer\\Download to CheckExeSignatures is yes.",
"iacontrols": [
"DCMC-1"
],
"id": "V-6236",
"ruleID": "SV-6286r1_rule",
"severity": "medium",
"title": "The IE signature checking parameter is not set correctly.",
"version": "DTBI012"
},
"V-6237": {
"checkid": "C-197r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\n\nCriteria: If the value DisableCachingOfSSLPages is 1, this is not a finding. \nIf the Do not save encrypted pages to disk is 0 enabled and the permissions of the Temporary Internet files folder are not the same as, or more restrictive than, those in the following table, this is a Finding.\n\nvariable\\Temporary Internet Files(The variable portion of the path name depends on the configuration setting in Internet Explorer.)\t\nAdministrators ALL\nCREATOR OWNER ALL\nSYSTEM ALL\n[user]\tALL",
"description": "This parameter ensures pages using SSL or TLS are not cached to the local drive. This ensures sensitive data from a web site does not remain on the machine that is not properly protected.",
"fixid": "F-153r1_fix",
"fixtext": "Change the value of registry key HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings to DisableCachingOfSSLPages is 1",
"iacontrols": [
"ECSC-1"
],
"id": "V-6237",
"ruleID": "SV-6287r1_rule",
"severity": "medium",
"title": "The IE save encrypted pages to disk parameter is not set correctly.",
"version": "DTBI013"
},
"V-6238": {
"checkid": "C-198r6_chk",
"checktext": "Open Internet Explorer. From the menu bar, select Tools. From the Tools drop-down menu, select Internet Options. From the Internet Options window, select the Advanced tab, from the Advanced tab window scroll down to the Security category. Verify a check mark is placed in 'Use SSL 3.0' and 'Use TLS 1.0' check boxes. Check marks can also be placed in 'Use TLS 1.1' and/or 'Use TLS 1.2'. If so, this is acceptable and not a finding. Verify there is not a check placed in the check box for 'Use SSL 2.0'. If 'Use SSL 2.0' is checked, then this is a finding. \n",
"description": "This parameter ensures SSL and TLS are able to be used from the browser.",
"fixid": "F-154r5_fix",
"fixtext": "Fix Text: \nOpen Internet Explorer. From the menu bar, select Tools. From the Tools drop-down menu, select Internet Options. From the Internet Options window, select the Advanced tab, from the Advanced tab window scroll down to the Security category. Place a check mark in 'Use SSL 3.0' and 'Use TLS 1.0' check boxes. Check marks can also be placed in 'Use TLS 1.1' and/or 'Use TLS 1.2'. Uncheck 'Use SSL 2.0' option. \n",
"iacontrols": [
"ECSC-1"
],
"id": "V-6238",
"ruleID": "SV-6288r3_rule",
"severity": "medium",
"title": "The Internet Explorer SSL/TLS parameter must be set correctly.",
"version": "DTBI014"
},
"V-6239": {
"checkid": "C-207r3_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: \n\nHKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\n\nCriteria: If the value WarnonBadCertRecving value is 1, this is not a finding. \n",
"description": "This parameter warns users if the certifcate being presented by the web site is invalid. Since server certificates are used to validate the identity of the web server it is critical to warn the user of a potential issue with the certificate being presented by the web server.",
"fixid": "F-5686r3_fix",
"fixtext": "Change the registry key \n\nHKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings to the value WarnonBadCertRecving to 1",
"iacontrols": [
"ECSC-1"
],
"id": "V-6239",
"ruleID": "SV-6289r2_rule",
"severity": "medium",
"title": "The IE warning of invalid certificates parameter is not set correctly",
"version": "DTBI015"
},
"V-6240": {
"checkid": "C-209r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\n\nCriteria: If the value WarnonZoneCrossing value is 1, this is not a finding. \n",
"description": "This parameter warns the user when changing between zones. This conveys important information to the user so the user is reminded that the zone has changed and the possiblity the type of data to be entered in the site has changed. Also the user expected actions have also changed based upon what happens when a mobile code technology is encountered.",
"fixid": "F-5687r1_fix",
"fixtext": "Change the registry key HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings to the value WarnonZoneCrossing is 1.",
"iacontrols": [
"DCMC-1"
],
"id": "V-6240",
"ruleID": "SV-6290r1_rule",
"severity": "medium",
"title": "The IE changing zones parameter is not set correctly.",
"version": "DTBI016"
},
"V-6241": {
"checkid": "C-210r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\n\nCriteria: If the value WarnOnPostRedirect value is 1, this is not a finding. \n",
"description": "This parameter warns the user that input from the form is being redirected to another web site. Since the form may contain sensitive data the user must be warned that the data is not being directed to the site the user was using. This enables the user to make a decision if the data on the form is appropriate for inclusion into the new web site.",
"fixid": "F-5689r1_fix",
"fixtext": "Change the registry key HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings to the value WarnOnPostRedirect is 1.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6241",
"ruleID": "SV-6291r1_rule",
"severity": "medium",
"title": "The IE form redirect parameter is not set correctly.",
"version": "DTBI017"
},
"V-6242": {
"checkid": "C-211r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\n\nCriteria: If the value AdvancedTab is 1, this is not a finding. If the value is not 1 or the key is not present, this is a finding.\n",
"description": "Since most of the IE settings can be changed through the GUI, it is important to ensure that user's cannot change these settings. Some settings will restrict users from visiting certain sites or will restrict the functionality of sites. It is important that access to changing the settings is removed.",
"fixid": "F-5690r1_fix",
"fixtext": "Change the registry key HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel to the value AdvancedTab is 1.",
"iacontrols": [
"DCMC-1"
],
"id": "V-6242",
"ruleID": "SV-6292r1_rule",
"severity": "medium",
"title": "Users can change the advanced settings in IE.",
"version": "DTBI021"
},
"V-6243": {
"checkid": "C-212r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: \n\nHKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1001 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "Active X controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites.",
"fixid": "F-5691r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria:Set the value 1001 to REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6243",
"ruleID": "SV-6293r1_rule",
"severity": "medium",
"title": "The Download signed ActiveX controls property is not set properly for the Internet Zone.",
"version": "DTBI022"
},
"V-6244": {
"checkid": "C-213r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1004 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "Active X controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed.\n",
"fixid": "F-5692r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1004 to REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6244",
"ruleID": "SV-6294r1_rule",
"severity": "medium",
"title": "The Download unsigned ActiveX controls property is not set properly for the Internet Zone.",
"version": "DTBI023"
},
"V-6245": {
"checkid": "C-214r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1201 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "ActiveX controls that are not marked safe scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.",
"fixid": "F-5693r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1201 is REG_DWORD = 3 (Disabled = 3).\n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6245",
"ruleID": "SV-6295r1_rule",
"severity": "medium",
"title": "The Initialize and script ActiveX controls not marked as safe property is not set properly for the Internet Zone.",
"version": "DTBI024"
},
"V-6246": {
"checkid": "C-215r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1405 is REG_DWORD = 1 (Prompt = 1), this is not a finding. \n",
"description": "ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.",
"fixid": "F-5695r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1405 is REG_DWORD = 1 (Prompt = 1). \n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6246",
"ruleID": "SV-6296r1_rule",
"severity": "medium",
"title": "The Script ActiveX controls marked safe for scripting property is not set properly for the Internet Zone.",
"version": "DTBI026"
},
"V-6248": {
"checkid": "C-243r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1604 is REG_DWORD = 1 (Prompt = 1), this is not a finding.\n",
"description": "Download of fonts can sometimes contain malicious code. ",
"fixid": "F-5703r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1604 to REG_DWORD = 1 (Prompt = 1).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6248",
"ruleID": "SV-6300r1_rule",
"severity": "medium",
"title": "The Font download control is not set properly for the Internet Zone.",
"version": "DTBI030"
},
"V-6249": {
"checkid": "C-244r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1C00 is REG_DWORD = 0 (Disabled = 0), this is not a finding. \n",
"description": "Java must have level of protections based upon the site being browsed.",
"fixid": "F-5704r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1C00 to REG_DWORD = 0 (Disabled = 0).\n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6249",
"ruleID": "SV-6301r1_rule",
"severity": "medium",
"title": "The Java Permissions is not set properly for the Internet Zone.",
"version": "DTBI031"
},
"V-6250": {
"checkid": "C-245r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1406 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "Access to data sources across multiple domains must be controlled based upon the site being browsed.",
"fixid": "F-5705r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1406 to REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6250",
"ruleID": "SV-6302r1_rule",
"severity": "medium",
"title": "The Access data sources across domains is not set properly for the Internet Zone.",
"version": "DTBI032"
},
"V-6251": {
"checkid": "C-247r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1609 is REG_DWORD = 1 (Prompt = 1), this is not a finding.\n",
"description": "Display mixed content must have level of protection based upon the site being browsed.",
"fixid": "F-5706r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1609 to REG_DWORD = 1 (Prompt = 1).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6251",
"ruleID": "SV-6303r1_rule",
"severity": "medium",
"title": "The Display mixed content is not set properly for the Internet Zone.",
"version": "DTBI034"
},
"V-6252": {
"checkid": "C-248r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1A04 is REG_DWORD=3 (Disabled), this is not a finding. \n",
"description": "Client certificates should not be presented to web sites without the user's acknowledgement.",
"fixid": "F-5707r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1A04 to REG_DWORD=3 (Disabled).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6252",
"ruleID": "SV-6304r1_rule",
"severity": "medium",
"title": "The Don't prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Internet Zone.",
"version": "DTBI035"
},
"V-6253": {
"checkid": "C-249r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value for 1802 is REG_DWORD = 3 (Disable= 3) or the value does not exist, this is not a finding.\n",
"description": "Drag and Drop or copy and paste files must have level of protection based upon the site being accessed.",
"fixid": "F-5708r1_fix",
"fixtext": "If a value for this zone is present and not set to 3 change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1802 to REG_DWORD = 3 (Disable= 3). \n\n",
"iacontrols": [
"ECSC-1"
],
"id": "V-6253",
"ruleID": "SV-6305r1_rule",
"severity": "medium",
"title": "The Allow Drag and drop or copy and paste files is not set properly for the Internet Zone.",
"version": "DTBI036"
},
"V-6254": {
"checkid": "C-250r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1800 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "Installation of items must have level of protection based upon the site being accessed.",
"fixid": "F-5709r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1800 to REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6254",
"ruleID": "SV-6306r1_rule",
"severity": "medium",
"title": "The Installation of desktop items is not set properly for the Internet Zone.",
"version": "DTBI037"
},
"V-6255": {
"checkid": "C-255r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1804 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "Launching of programs in IFRAME must have level of protection based upon the site being accessed.",
"fixid": "F-5710r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1804 to REG_DWORD = 3 (Disabled = 3).\n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6255",
"ruleID": "SV-6307r1_rule",
"severity": "medium",
"title": "The Launching programs and files in IFRAME is not set properly for the Internet Zone.",
"version": "DTBI038"
},
"V-6256": {
"checkid": "C-284r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1607 is REG_DWORD = 1 (Prompt = 1), this is not a finding.\n",
"description": "Frames that navigate across different domains are a security concern because the user may think they are accessing pages on one site while they are actually accessing pages on another site.",
"fixid": "F-5714r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1607 to REG_DWORD = 1 (Prompt = 1).\n",
"iacontrols": [
"ECSC-1"
],
"id": "V-6256",
"ruleID": "SV-6311r1_rule",
"severity": "medium",
"title": "The Navigate sub-frames across different domains is not set properly for the Internet Zone.",
"version": "DTBI039"
},
"V-6257": {
"checkid": "C-297r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1E05 is REG_DWORD = 65536 (High Safety), this is not a finding.\n",
"description": "Software Channel permissions must have level of protection based upon the site being accessed.",
"fixid": "F-15395r1_fix",
"fixtext": "Procedure: Use the Windows Registry Editor to navigate to the following key: \nHKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1E05 to REG_DWORD = 65536 (High Safety).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6257",
"ruleID": "SV-6313r1_rule",
"severity": "medium",
"title": "The Software channel permissions is not set properly for the Internet Zone.",
"version": "DTBI040"
},
"V-6258": {
"checkid": "C-306r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1601 is REG_DWORD = 1 (Prompt), this is not a finding.\n",
"description": "The user needs to be prompted before sending information from a browser that is not encrypted.",
"fixid": "F-5720r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1601 to REG_DWORD = 1 (Prompt).\n",
"iacontrols": [
"ECSC-1"
],
"id": "V-6258",
"ruleID": "SV-6315r1_rule",
"severity": "medium",
"title": "The Submit non-encrypted form data is not set properly for the Internet Zone.",
"version": "DTBI041"
},
"V-6259": {
"checkid": "C-310r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1606 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "Userdata persistence must have level of protection based upon the site being accessed.",
"fixid": "F-5722r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1606 to REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6259",
"ruleID": "SV-6316r1_rule",
"severity": "medium",
"title": "The Userdata persistence is not set properly for the Internet Zone.",
"version": "DTBI042"
},
"V-6260": {
"checkid": "C-313r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1407 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "Allow paste operations via script must have level of protection based upon the site being accessed.",
"fixid": "F-5724r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1407 to REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6260",
"ruleID": "SV-6318r1_rule",
"severity": "medium",
"title": "The Allow paste operations via script is not set properly for the Internet Zone.",
"version": "DTBI044"
},
"V-6261": {
"checkid": "C-315r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1402 is REG_DWORD = 1 (Prompt), this is not a finding.\n",
"description": "Java Applets must have level of protection based upon the site being accessed.",
"fixid": "F-5726r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1402 to REG_DWORD = 1 (Prompt).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6261",
"ruleID": "SV-6319r1_rule",
"severity": "medium",
"title": "The Scripting of Java applets is not set properly for the Internet Zone.",
"version": "DTBI045"
},
"V-6262": {
"checkid": "C-318r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: If the value 1A00 is REG_DWORD = 65536 (decimal), this is not a finding.\n",
"description": "Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites.",
"fixid": "F-5728r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\n\nCriteria: Set the value 1A00 to REG_DWORD = 65536 (decimal).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6262",
"ruleID": "SV-6321r1_rule",
"severity": "medium",
"title": "The user Authentication - Logon is not set properly for the Internet Zone.",
"version": "DTBI046"
},
"V-6263": {
"checkid": "C-320r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1001 is REG_DWORD 1 (Prompt), this is not a finding.\n",
"description": "Active X controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites.",
"fixid": "F-5729r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: Set the value 1001 to REG_DWORD 1 (Prompt).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6263",
"ruleID": "SV-6322r1_rule",
"severity": "medium",
"title": "The Download signed ActiveX controls property is not set properly for the Local Zone.",
"version": "DTBI052"
},
"V-6264": {
"checkid": "C-323r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1004 is REG_DWORD = 3, this is not a finding. \n",
"description": "ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed.",
"fixid": "F-5731r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: Set the value 1004 to REG_DWORD = 3.",
"iacontrols": [
"DCMC-1"
],
"id": "V-6264",
"ruleID": "SV-6324r1_rule",
"severity": "medium",
"title": "The Download unsigned ActiveX controls property is not set properly for the Local Zone.",
"version": "DTBI053"
},
"V-6265": {
"checkid": "C-324r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1201 is REG_DWORD 3, this is not a finding. \n",
"description": "ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a \ncomplete security measure for a control to be marked safe for scripting, if a control is not marked \nsafe, it should not be initialized and executed.\n",
"fixid": "F-5732r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: Set the value 1201 to REG_DWORD 3.",
"iacontrols": [
"DCMC-1"
],
"id": "V-6265",
"ruleID": "SV-6325r1_rule",
"severity": "medium",
"title": "The Initialize and script ActiveX controls not marked as safe property is not set properly for the Local Zone.",
"version": "DTBI054"
},
"V-6266": {
"checkid": "C-326r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1405 is REG_DWORD 1 (Prompt), this is not a finding.\n",
"description": "ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a \ncomplete security measure for a control to be marked safe for scripting, if a control is not marked \nsafe, it should not be initialized and executed.\n",
"fixid": "F-5733r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: Set the value 1405 to REG_DWORD 1 (Prompt).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6266",
"ruleID": "SV-6326r1_rule",
"severity": "medium",
"title": "The Script ActiveX controls marked safe for scripting property is not set properly for the Local Zone.",
"version": "DTBI056"
},
"V-6267": {
"checkid": "C-327r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1C00 is REG_DWORD = 65536, (High Safety), this is not a finding. \n\n",
"description": "Java must have level of protection based upon the site being browsed.\n",
"fixid": "F-5734r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: Set the value 1C00 to REG_DWORD = 65536, (High Safety).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6267",
"ruleID": "SV-6327r1_rule",
"severity": "medium",
"title": "The Java Permissions is not set properly for the Local Zone.",
"version": "DTBI061"
},
"V-6268": {
"checkid": "C-328r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1406 is REG_DWORD 1 (Prompt) or 3 (Disabled), this is not a finding. \n\n",
"description": "The user must know when data access crosses sources to ensure the data is being received from a source that is known.",
"fixid": "F-5735r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1406 is REG_DWORD 1 (Prompt) or 3 (Disabled).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6268",
"ruleID": "SV-6328r1_rule",
"severity": "medium",
"title": "The Access data sources across domains is not set properly for the Local Zone.",
"version": "DTBI062"
},
"V-6271": {
"checkid": "C-331r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1A04 is REG_DWORD = 3 (Disabled), this is not a finding. \n\n",
"description": "Client certificates should not be presented to web sites without the user's acknowledgement.",
"fixid": "F-5736r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1A04 is REG_DWORD = 3 (Disabled).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6271",
"ruleID": "SV-6331r1_rule",
"severity": "medium",
"title": "The Don't prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Local Zone.",
"version": "DTBI065"
},
"V-6272": {
"checkid": "C-380r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1800 is REG_DWORD 1 (Prompt) or 3 (Disabled), this is not a finding.\n",
"description": "Installation of items must have level of protection based upon the site being accessed.",
"fixid": "F-5746r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1800 is REG_DWORD 1 (Prompt) or 3 (Disabled).\n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6272",
"ruleID": "SV-6333r1_rule",
"severity": "medium",
"title": "The Installation of desktop items is not set properly for the Local Zone.",
"version": "DTBI067"
},
"V-6273": {
"checkid": "C-382r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1804 is REG_DWORD 1 (Prompt) or 3 (Disabled), this is not a finding.\n\n",
"description": "Launching of programs in IFRAME must have level of protection based upon the site being accessed.",
"fixid": "F-5748r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1804 is REG_DWORD 1 (Prompt) or 3 (Disabled).\n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6273",
"ruleID": "SV-6334r1_rule",
"severity": "medium",
"title": "The Launching programs and files in IFRAME is not set properly for the Local Zone.",
"version": "DTBI068"
},
"V-6274": {
"checkid": "C-384r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1E05 is REG_DWORD = 65536 (High Safety), this is not a finding.\n",
"description": "Software channel permissions must have level of protection based upon the site being accessed.",
"fixid": "F-5749r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1E05 is REG_DWORD = 65536 (High Safety).\n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6274",
"ruleID": "SV-6336r1_rule",
"severity": "medium",
"title": "The Software channel permissions is not set properly for the Local Zone.",
"version": "DTBI070"
},
"V-6275": {
"checkid": "C-385r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1407 is REG_DWORD 1 (Prompt) or 3 (Disabled), this is not a finding.\n",
"description": "The Allow paste operations via script must have level of protection based upon the site being accessed.",
"fixid": "F-5750r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1407 is REG_DWORD 1 (Prompt) or 3 (Disabled).\n",
"iacontrols": [
"ECSC-1"
],
"id": "V-6275",
"ruleID": "SV-6337r1_rule",
"severity": "medium",
"title": "The Allow paste operations via script is not set properly for the Local Zone.",
"version": "DTBI074"
},
"V-6276": {
"checkid": "C-387r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1A00 is REG_DWORD = 0 (Automatically logon with current username and password), this is not a finding. \n",
"description": "Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites.",
"fixid": "F-5752r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\n\nCriteria: If the value 1A00 is REG_DWORD = 0 (Automatically logon with current username and password).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6276",
"ruleID": "SV-6338r1_rule",
"severity": "medium",
"title": "The User Authentication - Logon is not set properly for the Local Zone.",
"version": "DTBI076"
},
"V-6277": {
"checkid": "C-388r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1001 is REG_DWORD 1 (Prompt) or 3 (Disabled), this is not a finding. \n",
"description": "ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed.",
"fixid": "F-5753r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1001 is REG_DWORD 1 (Prompt) or 3 (Disabled). \n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6277",
"ruleID": "SV-6339r1_rule",
"severity": "medium",
"title": "The Download signed ActiveX controls property is not set properly for the Trusted Sites Zone.",
"version": "DTBI082"
},
"V-6278": {
"checkid": "C-389r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1004 is REG_DWORD=3 (Disabled), this is not a finding. \n",
"description": "ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed.",
"fixid": "F-5754r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1004 is REG_DWORD=3 (Disabled).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6278",
"ruleID": "SV-6340r1_rule",
"severity": "medium",
"title": "The Download unsigned ActiveX controls property is not set properly for the Trusted Sites Zone.",
"version": "DTBI083"
},
"V-6279": {
"checkid": "C-390r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1201 is REG_DWORD=3 (Disabled), this is not a finding. \n",
"description": "ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a \ncomplete security measure for a control to be marked safe for scripting, if a control is not marked \nsafe, it should not be initialized and executed.",
"fixid": "F-5755r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1201 is REG_DWORD=3 (Disabled).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6279",
"ruleID": "SV-6341r1_rule",
"severity": "medium",
"title": "The Initialize and script ActiveX controls not marked as safe property is not set properly for the Trusted Sites Zone.",
"version": "DTBI084"
},
"V-6280": {
"checkid": "C-392r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1405 is REG_DWORD=1 (Prompt), this is not a finding. \n",
"description": "ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a \ncomplete security measure for a control to be marked safe for scripting, if a control is not marked \nsafe, it should not be initialized and executed.",
"fixid": "F-5757r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1405 is REG_DWORD=1.",
"iacontrols": [
"DCMC-1"
],
"id": "V-6280",
"ruleID": "SV-6342r1_rule",
"severity": "medium",
"title": "The ActiveX controls marked safe for scripting property is not set properly for the Trusted Sites Zone.",
"version": "DTBI086"
},
"V-6281": {
"checkid": "C-417r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1C00 is REG_DWORD = 65536, (High Safety), this is not a finding.\n\n",
"description": "Java must have level of protection based upon the site being browsed.",
"fixid": "F-5765r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1C00 is REG_DWORD = 65536, (High Safety).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6281",
"ruleID": "SV-6348r1_rule",
"severity": "medium",
"title": "The Java Permissions is not set properly for the Trusted Sites Zone.",
"version": "DTBI091"
},
"V-6282": {
"checkid": "C-418r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1406 is REG_DWORD=1 (Prompt) or 3 (Disabled), this is not a finding. \n",
"description": "Access data sources across domains must have level of protection based upon the site being accessed.",
"fixid": "F-5766r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1406 is REG_DWORD=1 (Prompt) or 3 (Disabled),.\n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6282",
"ruleID": "SV-6349r1_rule",
"severity": "medium",
"title": "The Access data sources across domains is not set properly for the Trusted Sites Zone.",
"version": "DTBI092"
},
"V-6283": {
"checkid": "C-419r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1A04 is REG_DWORD=3 (Disabled), this is not a finding. \n\n",
"description": "Client certificates should not be presented to web sites without the user's acknowledgement.",
"fixid": "F-5767r1_fix",
"fixtext": "Change the registry key HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2 to the value 1A04 is 3.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6283",
"ruleID": "SV-6350r1_rule",
"severity": "medium",
"title": "The Don't prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Trusted Sites Zone.",
"version": "DTBI095"
},
"V-6284": {
"checkid": "C-420r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1800 is REG_DWORD=1 (Prompt) or 3 (Disabled), this is not a finding.\n\n",
"description": "Installation of items must have level of protection based upon the site being accessed.",
"fixid": "F-5768r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1800 is REG_DWORD=1 (Prompt) or 3 (Disabled).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6284",
"ruleID": "SV-6351r1_rule",
"severity": "medium",
"title": "The Installation of desktop items is not set properly for the Trusted Sites Zone.",
"version": "DTBI097"
},
"V-6285": {
"checkid": "C-422r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1804 is REG_DWORD=1 (Prompt) or 3 (Disabled), this is not a finding.\n",
"description": "Launching of programs in IFRAME must have level of protection based upon the site being accessed.",
"fixid": "F-5769r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1804 is REG_DWORD=1 (Prompt) or 3 (Disabled).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6285",
"ruleID": "SV-6352r1_rule",
"severity": "medium",
"title": "The Launching programs and files in IFRAME is not set properly for the Trusted Sites Zone.",
"version": "DTBI098"
},
"V-6286": {
"checkid": "C-423r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1E05 is REG_DWORD=65536 (High Safety), this is not a finding. \n",
"description": "The Software channel permissions must have level of protection based upon the site being accessed.",
"fixid": "F-5771r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1E05 is REG_DWORD=65536 (High Safety).\n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6286",
"ruleID": "SV-6353r1_rule",
"severity": "medium",
"title": "The Software channel permissions is not set properly for the Trusted Sites Zone.",
"version": "DTBI100"
},
"V-6287": {
"checkid": "C-429r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1407 is REG_DWORD=1 (Prompt) or 3 (Disabled), this is not a finding.\n",
"description": "Allow paste operations via script must have level of protection based upon the site being accessed.",
"fixid": "F-5775r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1407 is REG_DWORD=1 (Prompt) or 3 (Disabled).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6287",
"ruleID": "SV-6355r1_rule",
"severity": "medium",
"title": "The Allow paste operations via script is not set properly for the Trusted Sites Zone.",
"version": "DTBI104"
},
"V-6288": {
"checkid": "C-430r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1A00 is REG_DWORD=65536 (Prompt), this is not a finding. \n",
"description": "Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites.\n",
"fixid": "F-5776r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\n\nCriteria: If the value 1A00 is REG_DWORD=65536 (Prompt).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6288",
"ruleID": "SV-6356r1_rule",
"severity": "medium",
"title": "The User Authentication - Logon is not set properly for the Trusted Sites Zone.",
"version": "DTBI106"
},
"V-6289": {
"checkid": "C-440r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1001 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites.",
"fixid": "F-5777r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1001 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6289",
"ruleID": "SV-6357r1_rule",
"severity": "medium",
"title": "The Download signed ActiveX controls property is not set properly for the Restricted Sites Zone.",
"version": "DTBI112"
},
"V-6290": {
"checkid": "C-443r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1004 is REG_DWORD = 3 (Disabled = 3), this is not a finding. \n",
"description": "ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed.",
"fixid": "F-5778r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1004 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6290",
"ruleID": "SV-6358r1_rule",
"severity": "medium",
"title": "The Download unsigned ActiveX controls property is not set properly for the Restricted Sites Zone.",
"version": "DTBI113"
},
"V-6291": {
"checkid": "C-446r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1201 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n\n",
"description": "ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a \ncomplete security measure for a control to be marked safe for scripting, if a control is not marked \nsafe, it should not be initialized and executed.",
"fixid": "F-5779r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1201 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6291",
"ruleID": "SV-6359r1_rule",
"severity": "medium",
"title": "The Initialize and script ActiveX controls not marked as safe property is not set properly for the Restricted Sites Zone.",
"version": "DTBI114"
},
"V-6292": {
"checkid": "C-447r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1200 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a \ncomplete security measure for a control to be marked safe for scripting, if a control is not marked \nsafe, it should not be initialized and executed.",
"fixid": "F-5780r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1200 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6292",
"ruleID": "SV-6360r1_rule",
"severity": "medium",
"title": "Run ActiveX controls and plug-ins property is not set properly for the Restricted Sites Zone.",
"version": "DTBI115"
},
"V-6293": {
"checkid": "C-477r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1405 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a \ncomplete security measure for a control to be marked safe for scripting, if a control is not marked \nsafe, it should not be initialized and executed.",
"fixid": "F-5791r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1405 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6293",
"ruleID": "SV-6361r1_rule",
"severity": "medium",
"title": "The Script ActiveX controls marked safe for scripting property is not set properly for the Restricted Sites Zone.",
"version": "DTBI116"
},
"V-6294": {
"checkid": "C-478r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1803 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n\n",
"description": "Files should not be able to be downloaded from sites that are considered restricted.",
"fixid": "F-5792r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1803 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6294",
"ruleID": "SV-6362r1_rule",
"severity": "medium",
"title": "The File download control is not set properly for the Restricted Sites Zone.",
"version": "DTBI119"
},
"V-6295": {
"checkid": "C-480r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1604 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n\n",
"description": "Download of fonts can sometimes contain malicious code. Files should not be downloaded from restricted sites.",
"fixid": "F-5794r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1604 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6295",
"ruleID": "SV-6363r1_rule",
"severity": "medium",
"title": "The Font download control is not set properly for the Restricted Sites Zone.",
"version": "DTBI120"
},
"V-6297": {
"checkid": "C-483r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1406 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "The restricted zones is used for MS Outlook. This zone must be set properly to ensure Outlook is secured.",
"fixid": "F-5797r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1406 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6297",
"ruleID": "SV-6365r1_rule",
"severity": "medium",
"title": "The Access data sources across domains is not set properly for the Restricted Sites Zone.",
"version": "DTBI122"
},
"V-6298": {
"checkid": "C-484r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1608 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n\n",
"description": "Allow META REFRESH must have level of protection based upon the site being browsed.",
"fixid": "F-5798r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1608 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6298",
"ruleID": "SV-6366r1_rule",
"severity": "medium",
"title": "The Allow META REFRESH is not set properly for the Restricted Site Zone.",
"version": "DTBI123"
},
"V-6299": {
"checkid": "C-485r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1609 is REG_DWORD = 3 (Disabled = 3), this is not a finding. ",
"description": "Mixed content poses a risk when coming from a restricted site. ",
"fixid": "F-5799r1_fix",
"fixtext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1609 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6299",
"ruleID": "SV-6367r1_rule",
"severity": "medium",
"title": "The Display mixed content is not set properly for the Restricted Sites Zone.",
"version": "DTBI124"
},
"V-6300": {
"checkid": "C-507r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1A04 is REG_DWORD=3 (Disabled), this is not a finding. \n\n",
"description": "Client certificates should not be presented to web sites without the user's acknowledgement.",
"fixid": "F-5806r1_fix",
"fixtext": "Change the registry key HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1A04 is REG_DWORD=3 (Disabled).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6300",
"ruleID": "SV-6369r1_rule",
"severity": "medium",
"title": "The Don\u2019t prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Restricted Sites Zone.",
"version": "DTBI125"
},
"V-6301": {
"checkid": "C-508r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1802 is REG_DWORD=3 (Disabled), this is not a finding. \n",
"description": "Drag and Drop of files must have level of protection based upon the site being accessed.",
"fixid": "F-5807r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1802 is REG_DWORD=3 (Disabled).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6301",
"ruleID": "SV-6370r1_rule",
"severity": "medium",
"title": "The Drag and drop or copy and paste files is not set properly for the Restricted Sites Zone.",
"version": "DTBI126"
},
"V-6302": {
"checkid": "C-511r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1800 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n\n",
"description": "Installation of items must have level of protection based upon the site being accessed. ",
"fixid": "F-5809r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1800 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6302",
"ruleID": "SV-6372r1_rule",
"severity": "medium",
"title": "The Installation of desktop items is not set properly for the Restricted Sites Zone.",
"version": "DTBI127"
},
"V-6303": {
"checkid": "C-512r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4 \n\nCriteria: If the value 1804 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n",
"description": "Launching of programs in IFRAME must have level of protection based upon the site being accessed.",
"fixid": "F-5810r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4 \n\nCriteria: If the value 1804 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6303",
"ruleID": "SV-6373r1_rule",
"severity": "medium",
"title": "The Launching programs and files in IFRAME is not set properly for the Restricted Sites Zone.",
"version": "DTBI128"
},
"V-6304": {
"checkid": "C-514r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1607 is REG_DWORD = 3 (Disabled = 3), this is not a finding. \n",
"description": "Frames that navigate across different domains are a security concern because the user may think they are accessing pages on one site while they are actually accessing pages on another site.\n",
"fixid": "F-5812r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1607 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6304",
"ruleID": "SV-6374r1_rule",
"severity": "medium",
"title": "The Navigate sub-frames across different domains is not set properly for the Restricted Sites Zone.",
"version": "DTBI129"
},
"V-6305": {
"checkid": "C-517r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1E05 is REG_DWORD = 65536 (decimal), this is not a finding.\n\n",
"description": "Software channel permissions must have level of protection based upon the site being accessed.",
"fixid": "F-5815r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1E05 is REG_DWORD = 65536 (decimal).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6305",
"ruleID": "SV-6375r1_rule",
"severity": "medium",
"title": "The Software channel permissions is not set properly for the Restricted Sites Zone.",
"version": "DTBI130"
},
"V-6306": {
"checkid": "C-541r1_chk",
"checktext": "The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security page -> Restricted Sites Zone -> \"Submit non-encrypted form data\" will be enabled and set to \u201cDisabled\u201d.\n\nProcedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1601 is REG_DWORD = 3 (Disabled = 3), this is not a finding. \n\n",
"description": "Submit non-encrypted form data must have level of protection based upon the site being accessed.",
"fixid": "F-5822r1_fix",
"fixtext": "The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security page -> Restricted Sites Zone -> \"Submit non-encrypted form data\" will be enabled and set to \u201cDisabled\u201d. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4 Criteria: Set the value 1601 to REG_DWORD = 3 (Disabled = 3).\n\n\n",
"iacontrols": [
"ECSC-1"
],
"id": "V-6306",
"ruleID": "SV-6376r1_rule",
"severity": "medium",
"title": "The Submit non-encrypted form data is not set properly for the Restricted Sites Zone.",
"version": "DTBI131"
},
"V-6307": {
"checkid": "C-542r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1606 is REG_DWORD = 3 (Disabled = 3), this is not a finding. \n",
"description": "No perseistant data should exist and be used in the Restricted sites zone. ",
"fixid": "F-5823r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1606 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6307",
"ruleID": "SV-6377r1_rule",
"severity": "medium",
"title": "The Userdata persistence is not set properly for the Restricted Sites Zone.",
"version": "DTBI132"
},
"V-6308": {
"checkid": "C-545r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1400 is REG_DWORD = 3 (Disabled = 3), this is not a finding.",
"description": "Active Scripting must have level of protection based upon the site being accessed.",
"fixid": "F-5825r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1400 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"DCMC-1"
],
"id": "V-6308",
"ruleID": "SV-6378r1_rule",
"severity": "medium",
"title": "The Active scripting is not set properly for the Restricted Sites Zone.",
"version": "DTBI133"
},
"V-6309": {
"checkid": "C-565r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1407 is REG_DWORD = 3 (Disabled = 3), this is not a finding.\n\n",
"description": "The Allow paste operations via script must have level of protection based upon the site being browsed.",
"fixid": "F-5832r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1407 is REG_DWORD = 3 (Disabled = 3).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6309",
"ruleID": "SV-6379r1_rule",
"severity": "medium",
"title": "The Allow paste operations via script is not set properly for the Restricted Sites Zone.",
"version": "DTBI134"
},
"V-6310": {
"checkid": "C-566r1_chk",
"checktext": "The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security page -> Restricted Sites Zone -> \"Scripting of Java Applets\" will be enabled and set to \u201cDisabled\u201d. \n\nProcedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4 \n\nCriteria: If the value 1402 is REG_DWORD = 3 (Disabled = 3), this is not a finding. \n",
"description": "The Scripting of Java applets must have level of protection based upon the site being accessed.",
"fixid": "F-5833r1_fix",
"fixtext": "The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security page -> Restricted Sites Zone -> \"Scripting of Java Applets\" will be enabled and set to \u201cDisabled\u201d. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4 Criteria: Set the value 1402 to REG_DWORD = 3 (Disabled = 3). \n",
"iacontrols": [
"DCMC-1"
],
"id": "V-6310",
"ruleID": "SV-6380r1_rule",
"severity": "medium",
"title": "The Scripting of Java applets is not set properly for the Restricted Sites Zone.",
"version": "DTBI135"
},
"V-6311": {
"checkid": "C-570r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1A00 is REG_DWORD = 196608 (decimal), this is not a finding.\n",
"description": "Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites.\n",
"fixid": "F-5834r1_fix",
"fixtext": "Change the registry key HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1A00 is REG_DWORD = 196608 (decimal).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6311",
"ruleID": "SV-6381r1_rule",
"severity": "medium",
"title": "The User Authentication \u2013 Logon is not set properly for the Restricted Sites Zone.",
"version": "DTBI136"
},
"V-6312": {
"checkid": "C-588r1_chk",
"checktext": "Procedure: Search for the msjava.dll file in the %System root%\\System32 by using the Start menu \u201cSearch | For Files or Folders\u2026\u201d facility. \n\nCriteria: If the file exists, this is a finding.\n",
"description": "This software is no longer being support and should be removed.",
"fixid": "F-5835r1_fix",
"fixtext": "Delete the file msjava.dll in the %System root%\\System32 by going to the Start menu, Search | For Files or Folders.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6312",
"ruleID": "SV-6382r1_rule",
"severity": "medium",
"title": "The Microsoft Java VM is installed.",
"version": "DTBI150"
},
"V-6313": {
"checkid": "C-589r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\DES 56/56\n\nCriteria: If the value Enabled is 0xffffffff, this is not a finding. \nThe absence of the key also indicates Not a Finding.\n",
"description": "This cipher setting controls the behavior of the DES 56/56 encryption algorthm.",
"fixid": "F-5836r1_fix",
"fixtext": "Navigate to registry key HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\DES 56/56 and change the value to Enabled is 0xffffffff.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6313",
"ruleID": "SV-6383r1_rule",
"severity": "medium",
"title": "The Cipher setting for DES 56/56 is not set properly.",
"version": "DTBI151"
},
"V-6314": {
"checkid": "C-590r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\NULL\n\nCriteria: If the value Enabled is 0x0, this is not a finding. The absence of the key also indicates Not a Finding.\n",
"description": "This controls the behavior of the Null cipher. ",
"fixid": "F-5837r1_fix",
"fixtext": "Navigate to registry key HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\NULL and change the value to Enabled is 0x0.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6314",
"ruleID": "SV-6384r1_rule",
"severity": "medium",
"title": "The Cipher setting for Null is not set properly.",
"version": "DTBI152"
},
"V-6315": {
"checkid": "C-591r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\Triple DES 168/168\n\nCriteria: If the value Enabled is 0xffffffff, this is not a finding. The absence of the key also indicates Not a Finding.\n",
"description": "This enables the Triple Des cipher.",
"fixid": "F-5838r1_fix",
"fixtext": "Navigate to the registry key HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Ciphers\\Triple DES 168/168 and change the value to Enabled is 0xffffffff.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6315",
"ruleID": "SV-6385r1_rule",
"severity": "medium",
"title": "The Cipher setting for Triple DES is not set properly.",
"version": "DTBI153"
},
"V-6316": {
"checkid": "C-592r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Hashes\\SHA\n\nCriteria: If the value Enabled is 0xffffffff, this is not a finding.\n",
"description": "This ensures that the Hash value for SHA is enabled.",
"fixid": "F-5839r1_fix",
"fixtext": "Navigate to the registry key HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Hashes\\SHA\nand change the value to Enabled is 0xffffffff.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6316",
"ruleID": "SV-6386r1_rule",
"severity": "medium",
"title": "The Hash setting for SHA is not set properly.",
"version": "DTBI160"
},
"V-6317": {
"checkid": "C-593r1_chk",
"checktext": "Procedure: From IE go to the Help | About Internet Explorer dialog. The capability for 128 bit encryption is indicated by the phrase \u201cCipher Strength: 128 bit.\u201d\n\nCriteria: If the phrase \u201cCipher Strength: 128 bit\u201d is displayed, this is not a finding. \n",
"description": "IE must be enabled to use 128 bit encryption. This will lead to stronger encryption when supported by the web server for SSL connections.",
"fixid": "F-5840r1_fix",
"fixtext": "Install a 128 bit version of IE.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6317",
"ruleID": "SV-6387r1_rule",
"severity": "medium",
"title": "IE is not capable to use 128-bit encryption.",
"version": "DTBG007"
},
"V-6319": {
"checkid": "C-595r1_chk",
"checktext": "Procedure: Use the Windows Registry Editor to navigate to the following key:\nHKLM\\ Software\\Microsoft\\Internet Explorer\\Main\n and determine the value data for the IEWatsonEnabled value.\n\nCriteria: If the system being reviewed is running Windows XP or 2003, this is not a Finding. [This potential vulnerability is covered in the Windows Checklist.]\nIf the value data for the IEWatsonEnabled value is not 0 (the number zero) or the key is not found, then this is a Finding.\n",
"description": "An error reporting tool may send sensitive data to a vendor.",
"fixid": "F-5842r1_fix",
"fixtext": "Navigate to the registry key HKLM\\Software\\Microsoft\\Internet Explorer\\Main. Make sure that the key exists and the value data for the IEWatsonEnabled value is 0 (the number zero).",
"iacontrols": [
"ECSC-1"
],
"id": "V-6319",
"ruleID": "SV-6389r1_rule",
"severity": "medium",
"title": "The Error Reporting tool for IE is installed or enabled.",
"version": "DTBI140"
},
"V-7006": {
"checkid": "C-3342r1_chk",
"checktext": "Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Internet Explorer\\Main\n\nCriteria: If the value AutoSearch is 0 or 4, this is not a finding. \n",
"description": "This parameter ensures automatic searches are not performed from the address bar. When a web site is not found and searching is performed, potentially malicious or unsuited sites may be displayed.",
"fixid": "F-6585r1_fix",
"fixtext": "Use the Windows Registry Editor to navigate to the following key: HKCU\\Software\\Microsoft\\Internet Explorer\\Main\n\nEnsure the value AutoSearch is 0 or 4\n",
"iacontrols": [
"ECSC-1"
],
"id": "V-7006",
"ruleID": "SV-7341r1_rule",
"severity": "medium",
"title": "The IE search parameter is not set correctly.",
"version": "DTBI011"
},
"V-7007": {
"checkid": "C-3411r1_chk",
"checktext": "Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1C00 is REG_DWORD = 0 (Disabled = 0), this is not a finding.\n\n",
"description": "Java must have level of protection based upon the site being browsed.",
"fixid": "F-6587r1_fix",
"fixtext": "Use the Windows Registry Editor to navigate to the following key: HKLM\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\n\nCriteria: If the value 1C00 is REG_DWORD = 0 (Disabled = 0).",
"iacontrols": [
"DCMC-1"
],
"id": "V-7007",
"ruleID": "SV-7354r1_rule",
"severity": "medium",
"title": "The Java Permissions is not set properly for the Restricted Sites Zone.",
"version": "DTBI121"
}
},
"profiles": {
"MAC-1_Classified": {
"description": "",
"findings": {
"V-16879": "true",
"V-32808": "true",
"V-3427": "true",
"V-3428": "true",
"V-3429": "true",
"V-3430": "true",
"V-3431": "true",
"V-3432": "true",
"V-3433": "true",
"V-6227": "true",
"V-6228": "true",
"V-6229": "true",
"V-6230": "true",
"V-6231": "true",
"V-6232": "true",
"V-6233": "true",
"V-6234": "true",
"V-6236": "true",
"V-6237": "true",
"V-6238": "true",
"V-6239": "true",
"V-6240": "true",
"V-6241": "true",
"V-6242": "true",
"V-6243": "true",
"V-6244": "true",
"V-6245": "true",
"V-6246": "true",
"V-6248": "true",
"V-6249": "true",
"V-6250": "true",
"V-6251": "true",
"V-6252": "true",
"V-6253": "true",
"V-6254": "true",
"V-6255": "true",
"V-6256": "true",
"V-6257": "true",
"V-6258": "true",
"V-6259": "true",
"V-6260": "true",
"V-6261": "true",
"V-6262": "true",
"V-6263": "true",
"V-6264": "true",
"V-6265": "true",
"V-6266": "true",
"V-6267": "true",
"V-6268": "true",
"V-6271": "true",
"V-6272": "true",
"V-6273": "true",
"V-6274": "true",
"V-6275": "true",
"V-6276": "true",
"V-6277": "true",
"V-6278": "true",
"V-6279": "true",
"V-6280": "true",
"V-6281": "true",
"V-6282": "true",
"V-6283": "true",
"V-6284": "true",
"V-6285": "true",
"V-6286": "true",
"V-6287": "true",
"V-6288": "true",
"V-6289": "true",
"V-6290": "true",
"V-6291": "true",
"V-6292": "true",
"V-6293": "true",
"V-6294": "true",
"V-6295": "true",
"V-6297": "true",
"V-6298": "true",
"V-6299": "true",
"V-6300": "true",
"V-6301": "true",
"V-6302": "true",
"V-6303": "true",
"V-6304": "true",
"V-6305": "true",
"V-6306": "true",
"V-6307": "true",
"V-6308": "true",
"V-6309": "true",
"V-6310": "true",
"V-6311": "true",
"V-6312": "true",
"V-6313": "true",
"V-6314": "true",
"V-6315": "true",
"V-6316": "true",
"V-6317": "true",
"V-6319": "true",
"V-7006": "true",
"V-7007": "true"
},
"id": "MAC-1_Classified",
"title": "I - Mission Critical Classified"
},
"MAC-1_Public": {
"description": "",
"findings": {
"V-16879": "true",
"V-32808": "true",
"V-3427": "true",
"V-3428": "true",
"V-3429": "true",
"V-3430": "true",
"V-3431": "true",
"V-3432": "true",
"V-3433": "true",
"V-6227": "true",
"V-6228": "true",
"V-6229": "true",
"V-6230": "true",
"V-6231": "true",
"V-6232": "true",
"V-6233": "true",
"V-6234": "true",
"V-6236": "true",
"V-6237": "true",
"V-6238": "true",
"V-6239": "true",
"V-6240": "true",
"V-6241": "true",
"V-6242": "true",
"V-6243": "true",
"V-6244": "true",
"V-6245": "true",
"V-6246": "true",
"V-6248": "true",
"V-6249": "true",
"V-6250": "true",
"V-6251": "true",
"V-6252": "true",
"V-6253": "true",
"V-6254": "true",
"V-6255": "true",
"V-6256": "true",
"V-6257": "true",
"V-6258": "true",
"V-6259": "true",
"V-6260": "true",
"V-6261": "true",
"V-6262": "true",
"V-6263": "true",
"V-6264": "true",
"V-6265": "true",
"V-6266": "true",
"V-6267": "true",
"V-6268": "true",
"V-6271": "true",
"V-6272": "true",
"V-6273": "true",
"V-6274": "true",
"V-6275": "true",
"V-6276": "true",
"V-6277": "true",
"V-6278": "true",
"V-6279": "true",
"V-6280": "true",
"V-6281": "true",
"V-6282": "true",
"V-6283": "true",
"V-6284": "true",
"V-6285": "true",
"V-6286": "true",
"V-6287": "true",
"V-6288": "true",
"V-6289": "true",
"V-6290": "true",
"V-6291": "true",
"V-6292": "true",
"V-6293": "true",
"V-6294": "true",
"V-6295": "true",
"V-6297": "true",
"V-6298": "true",
"V-6299": "true",
"V-6300": "true",
"V-6301": "true",
"V-6302": "true",
"V-6303": "true",
"V-6304": "true",
"V-6305": "true",
"V-6306": "true",
"V-6307": "true",
"V-6308": "true",
"V-6309": "true",
"V-6310": "true",
"V-6311": "true",
"V-6312": "true",
"V-6313": "true",
"V-6314": "true",
"V-6315": "true",
"V-6316": "true",
"V-6317": "true",
"V-6319": "true",
"V-7006": "true",
"V-7007": "true"
},
"id": "MAC-1_Public",
"title": "I - Mission Critical Public"
},
"MAC-1_Sensitive": {
"description": "",
"findings": {
"V-16879": "true",
"V-32808": "true",
"V-3427": "true",
"V-3428": "true",
"V-3429": "true",
"V-3430": "true",
"V-3431": "true",
"V-3432": "true",
"V-3433": "true",
"V-6227": "true",
"V-6228": "true",
"V-6229": "true",
"V-6230": "true",
"V-6231": "true",
"V-6232": "true",
"V-6233": "true",
"V-6234": "true",
"V-6236": "true",
"V-6237": "true",
"V-6238": "true",
"V-6239": "true",
"V-6240": "true",
"V-6241": "true",
"V-6242": "true",
"V-6243": "true",
"V-6244": "true",
"V-6245": "true",
"V-6246": "true",
"V-6248": "true",
"V-6249": "true",
"V-6250": "true",
"V-6251": "true",
"V-6252": "true",
"V-6253": "true",
"V-6254": "true",
"V-6255": "true",
"V-6256": "true",
"V-6257": "true",
"V-6258": "true",
"V-6259": "true",
"V-6260": "true",
"V-6261": "true",
"V-6262": "true",
"V-6263": "true",
"V-6264": "true",
"V-6265": "true",
"V-6266": "true",
"V-6267": "true",
"V-6268": "true",
"V-6271": "true",
"V-6272": "true",
"V-6273": "true",
"V-6274": "true",
"V-6275": "true",
"V-6276": "true",
"V-6277": "true",
"V-6278": "true",
"V-6279": "true",
"V-6280": "true",
"V-6281": "true",
"V-6282": "true",
"V-6283": "true",
"V-6284": "true",
"V-6285": "true",
"V-6286": "true",
"V-6287": "true",
"V-6288": "true",
"V-6289": "true",
"V-6290": "true",
"V-6291": "true",
"V-6292": "true",
"V-6293": "true",
"V-6294": "true",
"V-6295": "true",
"V-6297": "true",
"V-6298": "true",
"V-6299": "true",
"V-6300": "true",
"V-6301": "true",
"V-6302": "true",
"V-6303": "true",
"V-6304": "true",
"V-6305": "true",
"V-6306": "true",
"V-6307": "true",
"V-6308": "true",
"V-6309": "true",
"V-6310": "true",
"V-6311": "true",
"V-6312": "true",
"V-6313": "true",
"V-6314": "true",
"V-6315": "true",
"V-6316": "true",
"V-6317": "true",
"V-6319": "true",
"V-7006": "true",
"V-7007": "true"
},
"id": "MAC-1_Sensitive",
"title": "I - Mission Critical Sensitive"
},
"MAC-2_Classified": {
"description": "",
"findings": {
"V-16879": "true",
"V-32808": "true",
"V-3427": "true",
"V-3428": "true",
"V-3429": "true",
"V-3430": "true",
"V-3431": "true",
"V-3432": "true",
"V-3433": "true",
"V-6227": "true",
"V-6228": "true",
"V-6229": "true",
"V-6230": "true",
"V-6231": "true",
"V-6232": "true",
"V-6233": "true",
"V-6234": "true",
"V-6236": "true",
"V-6237": "true",
"V-6238": "true",
"V-6239": "true",
"V-6240": "true",
"V-6241": "true",
"V-6242": "true",
"V-6243": "true",
"V-6244": "true",
"V-6245": "true",
"V-6246": "true",
"V-6248": "true",
"V-6249": "true",
"V-6250": "true",
"V-6251": "true",
"V-6252": "true",
"V-6253": "true",
"V-6254": "true",
"V-6255": "true",
"V-6256": "true",
"V-6257": "true",
"V-6258": "true",
"V-6259": "true",
"V-6260": "true",
"V-6261": "true",
"V-6262": "true",
"V-6263": "true",
"V-6264": "true",
"V-6265": "true",
"V-6266": "true",
"V-6267": "true",
"V-6268": "true",
"V-6271": "true",
"V-6272": "true",
"V-6273": "true",
"V-6274": "true",
"V-6275": "true",
"V-6276": "true",
"V-6277": "true",
"V-6278": "true",
"V-6279": "true",
"V-6280": "true",
"V-6281": "true",
"V-6282": "true",
"V-6283": "true",
"V-6284": "true",
"V-6285": "true",
"V-6286": "true",
"V-6287": "true",
"V-6288": "true",
"V-6289": "true",
"V-6290": "true",
"V-6291": "true",
"V-6292": "true",
"V-6293": "true",
"V-6294": "true",
"V-6295": "true",
"V-6297": "true",
"V-6298": "true",
"V-6299": "true",
"V-6300": "true",
"V-6301": "true",
"V-6302": "true",
"V-6303": "true",
"V-6304": "true",
"V-6305": "true",
"V-6306": "true",
"V-6307": "true",
"V-6308": "true",
"V-6309": "true",
"V-6310": "true",
"V-6311": "true",
"V-6312": "true",
"V-6313": "true",
"V-6314": "true",
"V-6315": "true",
"V-6316": "true",
"V-6317": "true",
"V-6319": "true",
"V-7006": "true",
"V-7007": "true"
},
"id": "MAC-2_Classified",
"title": "II - Mission Support Classified"
},
"MAC-2_Public": {
"description": "",
"findings": {
"V-16879": "true",
"V-32808": "true",
"V-3427": "true",
"V-3428": "true",
"V-3429": "true",
"V-3430": "true",
"V-3431": "true",
"V-3432": "true",
"V-3433": "true",
"V-6227": "true",
"V-6228": "true",
"V-6229": "true",
"V-6230": "true",
"V-6231": "true",
"V-6232": "true",
"V-6233": "true",
"V-6234": "true",
"V-6236": "true",
"V-6237": "true",
"V-6238": "true",
"V-6239": "true",
"V-6240": "true",
"V-6241": "true",
"V-6242": "true",
"V-6243": "true",
"V-6244": "true",
"V-6245": "true",
"V-6246": "true",
"V-6248": "true",
"V-6249": "true",
"V-6250": "true",
"V-6251": "true",
"V-6252": "true",
"V-6253": "true",
"V-6254": "true",
"V-6255": "true",
"V-6256": "true",
"V-6257": "true",
"V-6258": "true",
"V-6259": "true",
"V-6260": "true",
"V-6261": "true",
"V-6262": "true",
"V-6263": "true",
"V-6264": "true",
"V-6265": "true",
"V-6266": "true",
"V-6267": "true",
"V-6268": "true",
"V-6271": "true",
"V-6272": "true",
"V-6273": "true",
"V-6274": "true",
"V-6275": "true",
"V-6276": "true",
"V-6277": "true",
"V-6278": "true",
"V-6279": "true",
"V-6280": "true",
"V-6281": "true",
"V-6282": "true",
"V-6283": "true",
"V-6284": "true",
"V-6285": "true",
"V-6286": "true",
"V-6287": "true",
"V-6288": "true",
"V-6289": "true",
"V-6290": "true",
"V-6291": "true",
"V-6292": "true",
"V-6293": "true",
"V-6294": "true",
"V-6295": "true",
"V-6297": "true",
"V-6298": "true",
"V-6299": "true",
"V-6300": "true",
"V-6301": "true",
"V-6302": "true",
"V-6303": "true",
"V-6304": "true",
"V-6305": "true",
"V-6306": "true",
"V-6307": "true",
"V-6308": "true",
"V-6309": "true",
"V-6310": "true",
"V-6311": "true",
"V-6312": "true",
"V-6313": "true",
"V-6314": "true",
"V-6315": "true",
"V-6316": "true",
"V-6317": "true",
"V-6319": "true",
"V-7006": "true",
"V-7007": "true"
},
"id": "MAC-2_Public",
"title": "II - Mission Support Public"
},
"MAC-2_Sensitive": {
"description": "",
"findings": {
"V-16879": "true",
"V-32808": "true",
"V-3427": "true",
"V-3428": "true",
"V-3429": "true",
"V-3430": "true",
"V-3431": "true",
"V-3432": "true",
"V-3433": "true",
"V-6227": "true",
"V-6228": "true",
"V-6229": "true",
"V-6230": "true",
"V-6231": "true",
"V-6232": "true",
"V-6233": "true",
"V-6234": "true",
"V-6236": "true",
"V-6237": "true",
"V-6238": "true",
"V-6239": "true",
"V-6240": "true",
"V-6241": "true",
"V-6242": "true",
"V-6243": "true",
"V-6244": "true",
"V-6245": "true",
"V-6246": "true",
"V-6248": "true",
"V-6249": "true",
"V-6250": "true",
"V-6251": "true",
"V-6252": "true",
"V-6253": "true",
"V-6254": "true",
"V-6255": "true",
"V-6256": "true",
"V-6257": "true",
"V-6258": "true",
"V-6259": "true",
"V-6260": "true",
"V-6261": "true",
"V-6262": "true",
"V-6263": "true",
"V-6264": "true",
"V-6265": "true",
"V-6266": "true",
"V-6267": "true",
"V-6268": "true",
"V-6271": "true",
"V-6272": "true",
"V-6273": "true",
"V-6274": "true",
"V-6275": "true",
"V-6276": "true",
"V-6277": "true",
"V-6278": "true",
"V-6279": "true",
"V-6280": "true",
"V-6281": "true",
"V-6282": "true",
"V-6283": "true",
"V-6284": "true",
"V-6285": "true",
"V-6286": "true",
"V-6287": "true",
"V-6288": "true",
"V-6289": "true",
"V-6290": "true",
"V-6291": "true",
"V-6292": "true",
"V-6293": "true",
"V-6294": "true",
"V-6295": "true",
"V-6297": "true",
"V-6298": "true",
"V-6299": "true",
"V-6300": "true",
"V-6301": "true",
"V-6302": "true",
"V-6303": "true",
"V-6304": "true",
"V-6305": "true",
"V-6306": "true",
"V-6307": "true",
"V-6308": "true",
"V-6309": "true",
"V-6310": "true",
"V-6311": "true",
"V-6312": "true",
"V-6313": "true",
"V-6314": "true",
"V-6315": "true",
"V-6316": "true",
"V-6317": "true",
"V-6319": "true",
"V-7006": "true",
"V-7007": "true"
},
"id": "MAC-2_Sensitive",
"title": "II - Mission Support Sensitive"
},
"MAC-3_Classified": {
"description": "",
"findings": {
"V-16879": "true",
"V-32808": "true",
"V-3427": "true",
"V-3428": "true",
"V-3429": "true",
"V-3430": "true",
"V-3431": "true",
"V-3432": "true",
"V-3433": "true",
"V-6227": "true",
"V-6228": "true",
"V-6229": "true",
"V-6230": "true",
"V-6231": "true",
"V-6232": "true",
"V-6233": "true",
"V-6234": "true",
"V-6236": "true",
"V-6237": "true",
"V-6238": "true",
"V-6239": "true",
"V-6240": "true",
"V-6241": "true",
"V-6242": "true",
"V-6243": "true",
"V-6244": "true",
"V-6245": "true",
"V-6246": "true",
"V-6248": "true",
"V-6249": "true",
"V-6250": "true",
"V-6251": "true",
"V-6252": "true",
"V-6253": "true",
"V-6254": "true",
"V-6255": "true",
"V-6256": "true",
"V-6257": "true",
"V-6258": "true",
"V-6259": "true",
"V-6260": "true",
"V-6261": "true",
"V-6262": "true",
"V-6263": "true",
"V-6264": "true",
"V-6265": "true",
"V-6266": "true",
"V-6267": "true",
"V-6268": "true",
"V-6271": "true",
"V-6272": "true",
"V-6273": "true",
"V-6274": "true",
"V-6275": "true",
"V-6276": "true",
"V-6277": "true",
"V-6278": "true",
"V-6279": "true",
"V-6280": "true",
"V-6281": "true",
"V-6282": "true",
"V-6283": "true",
"V-6284": "true",
"V-6285": "true",
"V-6286": "true",
"V-6287": "true",
"V-6288": "true",
"V-6289": "true",
"V-6290": "true",
"V-6291": "true",
"V-6292": "true",
"V-6293": "true",
"V-6294": "true",
"V-6295": "true",
"V-6297": "true",
"V-6298": "true",
"V-6299": "true",
"V-6300": "true",
"V-6301": "true",
"V-6302": "true",
"V-6303": "true",
"V-6304": "true",
"V-6305": "true",
"V-6306": "true",
"V-6307": "true",
"V-6308": "true",
"V-6309": "true",
"V-6310": "true",
"V-6311": "true",
"V-6312": "true",
"V-6313": "true",
"V-6314": "true",
"V-6315": "true",
"V-6316": "true",
"V-6317": "true",
"V-6319": "true",
"V-7006": "true",
"V-7007": "true"
},
"id": "MAC-3_Classified",
"title": "III - Administrative Classified"
},
"MAC-3_Public": {
"description": "",
"findings": {
"V-16879": "true",
"V-32808": "true",
"V-3427": "true",
"V-3428": "true",
"V-3429": "true",
"V-3430": "true",
"V-3431": "true",
"V-3432": "true",
"V-3433": "true",
"V-6227": "true",
"V-6228": "true",
"V-6229": "true",
"V-6230": "true",
"V-6231": "true",
"V-6232": "true",
"V-6233": "true",
"V-6234": "true",
"V-6236": "true",
"V-6237": "true",
"V-6238": "true",
"V-6239": "true",
"V-6240": "true",
"V-6241": "true",
"V-6242": "true",
"V-6243": "true",
"V-6244": "true",
"V-6245": "true",
"V-6246": "true",
"V-6248": "true",
"V-6249": "true",
"V-6250": "true",
"V-6251": "true",
"V-6252": "true",
"V-6253": "true",
"V-6254": "true",
"V-6255": "true",
"V-6256": "true",
"V-6257": "true",
"V-6258": "true",
"V-6259": "true",
"V-6260": "true",
"V-6261": "true",
"V-6262": "true",
"V-6263": "true",
"V-6264": "true",
"V-6265": "true",
"V-6266": "true",
"V-6267": "true",
"V-6268": "true",
"V-6271": "true",
"V-6272": "true",
"V-6273": "true",
"V-6274": "true",
"V-6275": "true",
"V-6276": "true",
"V-6277": "true",
"V-6278": "true",
"V-6279": "true",
"V-6280": "true",
"V-6281": "true",
"V-6282": "true",
"V-6283": "true",
"V-6284": "true",
"V-6285": "true",
"V-6286": "true",
"V-6287": "true",
"V-6288": "true",
"V-6289": "true",
"V-6290": "true",
"V-6291": "true",
"V-6292": "true",
"V-6293": "true",
"V-6294": "true",
"V-6295": "true",
"V-6297": "true",
"V-6298": "true",
"V-6299": "true",
"V-6300": "true",
"V-6301": "true",
"V-6302": "true",
"V-6303": "true",
"V-6304": "true",
"V-6305": "true",
"V-6306": "true",
"V-6307": "true",
"V-6308": "true",
"V-6309": "true",
"V-6310": "true",
"V-6311": "true",
"V-6312": "true",
"V-6313": "true",
"V-6314": "true",
"V-6315": "true",
"V-6316": "true",
"V-6317": "true",
"V-6319": "true",
"V-7006": "true",
"V-7007": "true"
},
"id": "MAC-3_Public",
"title": "III - Administrative Public"
},
"MAC-3_Sensitive": {
"description": "",
"findings": {
"V-16879": "true",
"V-32808": "true",
"V-3427": "true",
"V-3428": "true",
"V-3429": "true",
"V-3430": "true",
"V-3431": "true",
"V-3432": "true",
"V-3433": "true",
"V-6227": "true",
"V-6228": "true",
"V-6229": "true",
"V-6230": "true",
"V-6231": "true",
"V-6232": "true",
"V-6233": "true",
"V-6234": "true",
"V-6236": "true",
"V-6237": "true",
"V-6238": "true",
"V-6239": "true",
"V-6240": "true",
"V-6241": "true",
"V-6242": "true",
"V-6243": "true",
"V-6244": "true",
"V-6245": "true",
"V-6246": "true",
"V-6248": "true",
"V-6249": "true",
"V-6250": "true",
"V-6251": "true",
"V-6252": "true",
"V-6253": "true",
"V-6254": "true",
"V-6255": "true",
"V-6256": "true",
"V-6257": "true",
"V-6258": "true",
"V-6259": "true",
"V-6260": "true",
"V-6261": "true",
"V-6262": "true",
"V-6263": "true",
"V-6264": "true",
"V-6265": "true",
"V-6266": "true",
"V-6267": "true",
"V-6268": "true",
"V-6271": "true",
"V-6272": "true",
"V-6273": "true",
"V-6274": "true",
"V-6275": "true",
"V-6276": "true",
"V-6277": "true",
"V-6278": "true",
"V-6279": "true",
"V-6280": "true",
"V-6281": "true",
"V-6282": "true",
"V-6283": "true",
"V-6284": "true",
"V-6285": "true",
"V-6286": "true",
"V-6287": "true",
"V-6288": "true",
"V-6289": "true",
"V-6290": "true",
"V-6291": "true",
"V-6292": "true",
"V-6293": "true",
"V-6294": "true",
"V-6295": "true",
"V-6297": "true",
"V-6298": "true",
"V-6299": "true",
"V-6300": "true",
"V-6301": "true",
"V-6302": "true",
"V-6303": "true",
"V-6304": "true",
"V-6305": "true",
"V-6306": "true",
"V-6307": "true",
"V-6308": "true",
"V-6309": "true",
"V-6310": "true",
"V-6311": "true",
"V-6312": "true",
"V-6313": "true",
"V-6314": "true",
"V-6315": "true",
"V-6316": "true",
"V-6317": "true",
"V-6319": "true",
"V-7006": "true",
"V-7007": "true"
},
"id": "MAC-3_Sensitive",
"title": "III - Administrative Sensitive"
}
},
"slug": "microsoft_ie_version_6",
"title": "Microsoft IE Version 6 ",
"version": "None"
}
}