Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15495 | DTBI330 | SV-16342r1_rule | ECSC-1 | Medium |
Description |
---|
This policy setting allows the user to enable a phishing filter that will warn if the Web site being visited is known for fraudulent attempts to gather personal information through "phishing." If you enable this policy setting, the user will not be prompted to enable the phishing filter. You must specify which mode the phishing filter uses: manual, automatic, or off. If you select manual mode, the phishing filter performs only local analysis and users are prompted to permit any data to be sent to Microsoft. If the feature is fully enabled, all website addresses not contained on the filter's whitelist will be sent automatically to Microsoft without prompting the user. If you disable or do not configure this policy setting, the user will be prompted to decide the mode of operation for the phishing filter. |
STIG | Date |
---|---|
Microsoft IE Version 7 | 2013-04-01 |
Check Text ( C-14518r1_chk ) |
---|
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Managing Phishing filter" will be set to "Enabled" and "Off" selected. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter Criteria: If the value Enabled is REG_DWORD = 0, this is not a finding. |
Fix Text (F-15126r1_fix) |
---|
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Turn off Managing Phishing filter" will be set to "Enabled" and "Off" selected. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter Criteria: Set the value Enabled to REG_DWORD = 0. |
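
The registry criterion in the Check Text can be audited without opening the Registry Editor. The following PowerShell function is an added example, not part of the STIG: the name `Test-PhishingFilterPolicy` and the status strings are hypothetical, and it assumes that any state other than REG_DWORD = 0 (including a missing key, a missing value, or a wrong value type) counts as a finding.

```powershell
# Added example: audits the DTBI330 registry criterion on the local machine.
function Test-PhishingFilterPolicy {
    [CmdletBinding()]
    param(
        # Key and value name are taken from the Check Text above.
        [string]$Path = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter',
        [string]$Name = 'Enabled'
    )

    $result = [ordered]@{
        Path = $Path; Name = $Name; Kind = $null; Value = $null
        Status = 'Finding'; Reason = $null
    }

    # A missing key means the policy was never applied to this machine.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) {
        $result.Reason = 'Policy key is absent (setting not configured).'
        return [pscustomobject]$result
    }
    if ($key.GetValueNames() -notcontains $Name) {
        $result.Reason = "Value '$Name' is absent under the policy key."
        return [pscustomobject]$result
    }

    $result.Kind  = $key.GetValueKind($Name)
    $result.Value = $key.GetValue($Name)

    # The criterion names both the type and the data, so check both.
    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Reason = "Value is $($result.Kind), not REG_DWORD."
    }
    elseif ($result.Value -ne 0) {
        $result.Reason = "REG_DWORD is $($result.Value); the criterion requires 0."
    }
    else {
        $result.Status = 'NotAFinding'
        $result.Reason = 'REG_DWORD = 0.'
    }
    [pscustomobject]$result
}

Test-PhishingFilterPolicy
```

The function only reads the registry; the returned object can be piped to `Export-Csv` or `ConvertTo-Json` to keep as audit evidence.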