UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Internet Explorer 11 Security Technical Implementation Guide


Overview

Date Finding Count (153)
2014-02-18 CAT I (High): 0 CAT II (Med): 150 CAT III (Low): 3
STIG Description
The Microsoft Internet Explorer 11 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
DTBI370 Medium Checking for signatures on downloaded programs must be enforced.
DTBI375 Medium All network paths (UNCs) for Intranet sites must be disallowed.
DTBI766 Medium Microsoft services to provide enhanced suggestions as the user types in the Address bar must be disallowed.
DTBI765 Medium Suggested Sites functionality must be disallowed.
DTBI760 Medium Browser must retain history on exit.
DTBI495 Medium Pop-up Blocker must be enforced (Internet zone).
DTBI1010 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
DTBI650 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).
DTBI018 Medium Check for publishers certificate revocation must be enforced.
DTBI655 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).
DTBI870 Medium Security Warning for unsafe files must be disallowed (Restricted Sites zone).
DTBI015 Medium The Internet Explorer warning about certificate address mismatch must be enforced.
DTBI014 Medium The Internet Explorer SSL/TLS parameter must be set correctly.
DTBI010 Medium First Run Wizard settings must be established for a home page.
DTBI575 Medium Allow binary and script behaviors must be disallowed (Restricted Sites zone).
DTBI775 Medium Automatic checking for Internet Explorer updates must be disallowed.
DTBI980 Medium Ability to install new versions of Internet Explorer automatically must be disallowed.
DTBI770 Medium Deleting websites that the user has visited must be disallowed.
DTBI985 Medium When enhanced protected mode is enabled, ActiveX controls must be disallowed to run in protected mode.
DTBI1020 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (IExplore).
DTBI470 Medium MIME sniffing must be disallowed (Restricted Sites zone).
DTBI475 Medium First-Run prompt ability must be disallowed (Internet zone).
DTBI1025 Medium Dragging of content from different domains within a window must be disallowed (Restricted Sites zone).
DTBI136 Medium Logon options must be configured and enforced (Restricted Sites zone).
DTBI640 Medium Internet Explorer Processes for Restrict File Download must be enforced (IExplore).
DTBI485 Medium Protected Mode must be enforced (Internet zone).
DTBI860 Medium When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
DTBI645 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
DTBI480 Medium First-Run prompt ability must be disallowed (Restricted Sites zone).
DTBI647 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
DTBI649 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (IExplore).
DTBI900 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
DTBI061 Medium Java permissions must be configured with High Safety (Intranet zone).
DTBI062 Medium Antimalware programs against ActiveX controls must not be run for the Intranet zone.
DTBI580 Medium Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
DTBI990 Medium Dragging of content from different domains across windows must be disallowed (Internet zone).
DTBI740 Medium Managing SmartScreen Filter use must be enforced.
DTBI745 Medium Add-on performance notifications must be disallowed.
DTBI995 Medium Enhanced protected mode functionality must be enforced.
DTBI500 Medium Pop-up Blocker must be enforced (Restricted Sites zone).
DTBI1035 Medium Displaying of the reveal password button must be disallowed.
DTBI1030 Medium URL Suggestions must be disallowed.
DTBI599 Medium Internet Explorer Processes for MK protocol must be enforced (Reserved).
DTBI715 Medium Crash Detection management must be enforced.
DTBI850 Medium Scripting of Internet Explorer WebBrowser control must be disallowed (Restricted Sites zone).
DTBI340 Medium Active content from CDs must be disallowed to run on user machines.
DTBI910 Medium Status bar updates via script must be disallowed (Internet zone).
DTBI129 Medium Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
DTBI670 Medium Scripting of Java applets must be disallowed (Restricted Sites zone).
DTBI455 Medium XAML files must be disallowed (Internet zone).
DTBI325 Medium Security checking features must be enforced.
DTBI614 Medium Internet Explorer Processes for Zone Elevation must be enforced (IExplore).
DTBI450 Medium Java permissions must be disallowed (Locked Down Restricted Sites zone).
DTBI320 Medium Internet Explorer must be configured to use machine settings.
DTBI594 Medium Internet Explorer Processes for MIME handling must be enforced (IExplore).
DTBI595 Medium Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
DTBI596 Medium Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
DTBI597 Medium Internet Explorer Processes for MIME sniffing must be enforced (IExplore).
DTBI590 Medium Internet Explorer Processes for MIME handling must be enforced. (Reserved)
DTBI612 Medium Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
DTBI592 Medium Internet Explorer Processes for MIME handling must be enforced (Explorer).
DTBI610 Medium Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
DTBI515 Medium Websites in less privileged web content zones must be prevented from navigating into the Internet zone.
DTBI690 Medium AutoComplete feature for forms must be disallowed.
DTBI755 Medium Browser Geolocation functionality must be disallowed.
DTBI001 Medium The IE home page must be set to blank or a trusted site.
DTBI920 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).
DTBI1040 Medium Do Not Track header must be sent.
DTBI1045 Medium Legacy filter functionality must be disallowed (Internet zone).
DTBI1046 Medium Antimalware programs against ActiveX controls must not be run for the Internet zone.
DTBI120 Medium Font downloads must be disallowed (Restricted Sites zone).
DTBI350 Medium Software must be disallowed to run or install with invalid signatures.
DTBI356 Medium The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.
DTBI355 Medium Third-party browser extensions must be disallowed.
DTBI840 Medium Cross-Site Scripting (XSS) Filter must be enforced (Internet zone).
DTBI440 Medium Java permissions must be disallowed (Locked Down Trusted Sites zone).
DTBI445 Medium Java permissions must be disallowed (Locked Down Internet zone).
DTBI605 Medium Internet Explorer Processes for MK protocol must be enforced (IExplore).
DTBI126 Medium Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
DTBI600 Medium Internet Explorer Processes for MK protocol must be enforced (Explorer).
DTBI520 Medium Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.
DTBI680 Medium The update check interval must be configured and set to 30 days.
DTBI725 Medium Turn on the auto-complete feature for user names and passwords on forms must be disabled.
DTBI930 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).
DTBI1051 Medium Antimalware programs against ActiveX controls must not be run for the Restricted Sites zone.
DTBI1050 Medium Legacy filter functionality must be disallowed (Restricted Sites zone).
DTBI1055 Medium Internet Explorer accelerator functionality must be disallowed.
DTBI112 Medium The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).
DTBI113 Medium The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).
DTBI114 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).
DTBI115 Medium ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
DTBI116 Medium ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
DTBI119 Medium File downloads must be disallowed (Restricted Sites zone).
DTBI830 Medium ActiveX controls without prompt property must be used in approved domains only (Internet zone).
DTBI835 Medium Internet Explorer Processes for Notification Bars must be enforced (IExplore).
DTBI300 Medium Configuring History setting must be set to 40 days.
DTBI305 Medium Automatic configuration of Internet Explorer connections must be disallowed.
DTBI630 Medium Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
DTBI635 Medium Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
DTBI435 Medium Java permissions must be disallowed (Locked Down Intranet zone).
DTBI430 Medium Java permissions must be disallowed (Locked Down Local Machine zone).
DTBI046 Medium Logon options must be configured to prompt (Internet zone).
DTBI044 Medium Clipboard operations via script must be disallowed (Internet zone).
DTBI042 Medium Userdata persistence must be disallowed (Internet zone).
DTBI128 Medium Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
DTBI940 Medium Scriptlets must be disallowed (Restricted Sites zone).
DTBI820 Medium Security Warning for unsafe files must be set to prompt (Internet zone).
DTBI127 Medium Installation of desktop items must be disallowed (Restricted Sites zone).
DTBI675 Medium The URL to be displayed for checking updates to Internet Explorer and Internet Tools must be blank or empty.
DTBI121 Medium Java permissions must be disallowed (Restricted Sites zone).
DTBI825 Medium Internet Explorer Processes for Notification Bars must be enforced (Explorer).
DTBI123 Medium The Allow META REFRESH property must be disallowed (Restricted Sites zone).
DTBI122 Medium Accessing data sources across domains must be disallowed (Restricted Sites zone).
DTBI318 Medium Internet Explorer must be set to disallow users to add/delete sites.
DTBI319 Medium Internet Explorer must be configured to disallow users to change policies.
DTBI315 Medium Participation in the Customer Experience Improvement Program must be disallowed.
DTBI425 Medium Java permissions must be disallowed (Local Machine zone).
DTBI426 Medium Antimalware programs against ActiveX controls must not be run for the Local Machine zone.
DTBI890 Medium Cross-Site Scripting (XSS) Filter property must be enforced (Restricted Sites zone).
DTBI815 Medium Internet Explorer Processes for Notification Bars must be enforced (Reserved).
DTBI810 Medium When uploading files to a server, the local directory path must be excluded (Internet zone).
DTBI460 Medium XAML files must be disallowed (Restricted Sites zone).
DTBI465 Medium MIME sniffing must be disallowed (Internet zone).
DTBI032 Medium Accessing data sources across domains must be disallowed (Internet zone).
DTBI031 Medium The Java permissions must be disallowed (Internet zone).
DTBI030 Medium Font downloads must be disallowed (Internet zone).
DTBI950 Medium Status bar updates via script must be disallowed (Restricted Sites zone).
DTBI036 Medium Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
DTBI132 Medium Userdata persistence must be disallowed (Restricted Sites zone).
DTBI133 Medium Active scripting must be disallowed (Restricted Sites Zone).
DTBI039 Medium Navigating windows and frames across different domains must be disallowed (Internet zone).
DTBI038 Medium Launching programs and files in IFRAME must be disallowed (Internet zone).
DTBI385 Medium Script-initiated windows without size or position constraints must be disallowed (Internet zone).
DTBI134 Medium Clipboard operations via script must be disallowed (Restricted Sites zone).
DTBI091 Medium Java permissions must be configured with High Safety (Trusted Sites zone).
DTBI092 Medium Antimalware programs against ActiveX controls must not be run for the Trusted Sites zone.
DTBI490 Medium Protected Mode must be enforced (Restricted Sites zone).
DTBI365 Medium Checking for server certificate revocation must be enforced.
DTBI415 Medium Automatic prompting for file downloads must be disallowed (Internet zone).
DTBI880 Medium ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).
DTBI1005 Medium Dragging of content from different domains across windows must be disallowed (Restricted Sites zone).
DTBI800 Medium Scripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).
DTBI395 Medium Scriptlets must be disallowed (Internet zone).
DTBI1000 Medium Dragging of content from different domains within a window must be disallowed (Internet zone).
DTBI390 Medium Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
DTBI805 Medium ActiveX opt-in prompt must be disallowed.
DTBI022 Medium The Download signed ActiveX controls property must be disallowed (Internet zone).
DTBI023 Medium The Download unsigned ActiveX controls property must be disallowed (Internet zone).
DTBI024 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
DTBI780 Medium InPrivate Browsing must be disallowed.
DTBI697 Low Ability for users to enable or disable add-ons must be managed.
DTBI750 Low Updates to website lists from Microsoft must be disallowed.
DTBI367 Low Internet Explorer must be configured to make proxy settings per user.