Browser Geolocation functionality must be disallowed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-46825 | DTBI755-IE11 | SV-59691r1_rule | ECSC-1 | Medium |
| Description |
|---|
| This setting has a small impact on user privacy because users may unknowingly allow their browser to share location data with web sites that they visit. The value of enabling this setting is diminished due to the fact that malicious websites can learn a great deal about the location of a user merely by analyzing their IP address. If you enable this policy setting, Browser Geolocation support will be turned off. If you disable this policy setting, Browser Geolocation will be turned on. If you do not configure this setting, Browser Geolocation support can be turned on or off in Internet Options on the "Privacy" tab. |
| STIG | Date |
|---|---|
| Microsoft Internet Explorer 11 Security Technical Implementation Guide | 2014-05-13 |
Details
| Check Text ( C-49913r2_chk ) |
|---|
| The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn off Browser Geolocation' must be 'Enabled'. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Geolocation Criteria: If the value "PolicyDisableGeolocation" is REG_DWORD = 1, this is not a finding. |
| Fix Text (F-50571r1_fix) |
|---|
| Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> 'Turn off Browser Geolocation' to 'Enabled'. |