UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Internet Explorer 11 Security Technical Implementation Guide


Overview

Date Finding Count (148)
2015-12-30 CAT I (High): 0 CAT II (Med): 145 CAT III (Low): 3
STIG Description
The Microsoft Internet Explorer 11 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Available Profiles



Findings (MAC I - Mission Critial Public)

Finding ID Severity Title
V-46637 Medium Script-initiated windows without size or position constraints must be disallowed (Internet zone).
V-46635 Medium All network paths (UNCs) for Intranet sites must be disallowed.
V-46633 Medium Checking for signatures on downloaded programs must be enforced.
V-46575 Medium The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).
V-46733 Medium Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
V-46639 Medium Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
V-46731 Medium Internet Explorer Processes for Zone Elevation must be enforced (IExplore).
V-46577 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).
V-46849 Medium Scripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).
V-46845 Medium Automatic checking for Internet Explorer updates must be disallowed.
V-46847 Medium InPrivate Browsing must be disallowed.
V-46841 Medium Deleting websites that the user has visited must be disallowed.
V-46805 Medium The update check interval must be configured and set to 30 days.
V-46705 Medium Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
V-46643 Medium Automatic prompting for file downloads must be disallowed (Internet zone).
V-46641 Medium Scriptlets must be disallowed (Internet zone).
V-46647 Medium Java permissions must be disallowed (Locked Down Local Machine zone).
V-46645 Medium Java permissions must be disallowed (Local Machine zone).
V-46649 Medium Java permissions must be disallowed (Locked Down Intranet zone).
V-46625 Medium Software must be disallowed to run or install with invalid signatures.
V-46627 Medium Third-party browser extensions must be disallowed.
V-46621 Medium Security checking features must be enforced.
V-46623 Medium Active content from CDs must be disallowed to run on user machines.
V-46629 Medium Checking for server certificate revocation must be enforced.
V-46879 Medium Cross-Site Scripting (XSS) Filter must be enforced (Internet zone).
V-46611 Medium Automatic configuration of Internet Explorer connections must be disallowed.
V-46613 Medium Participation in the Customer Experience Improvement Program must be disallowed.
V-46865 Medium ActiveX controls without prompt property must be used in approved domains only (Internet zone).
V-46615 Medium Internet Explorer must be set to disallow users to add/delete sites.
V-46617 Medium Internet Explorer must be configured to disallow users to change policies.
V-46861 Medium Internet Explorer Processes for Notification Bars must be enforced (Explorer).
V-46619 Medium Internet Explorer must be configured to use machine settings.
V-46565 Medium Legacy filter functionality must be disallowed (Internet zone).
V-46943 Medium Ability to install new versions of Internet Explorer automatically must be disallowed.
V-46869 Medium Internet Explorer Processes for Notification Bars must be enforced (IExplore).
V-46589 Medium Accessing data sources across domains must be disallowed (Restricted Sites zone).
V-46585 Medium Font downloads must be disallowed (Restricted Sites zone).
V-46587 Medium Java permissions must be disallowed (Restricted Sites zone).
V-46581 Medium ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
V-46583 Medium File downloads must be disallowed (Restricted Sites zone).
V-46505 Medium Font downloads must be disallowed (Internet zone).
V-46523 Medium Logon options must be configured to prompt (Internet zone).
V-46507 Medium The Java permissions must be disallowed (Internet zone).
V-46501 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
V-46509 Medium Accessing data sources across domains must be disallowed (Internet zone).
V-46811 Medium Crash Detection management must be enforced.
V-46563 Medium Do Not Track header must be sent.
V-46609 Medium Configuring History setting must be set to 40 days.
V-46607 Medium Logon options must be configured and enforced (Restricted Sites zone).
V-46819 Medium Managing SmartScreen Filter use must be enforced.
V-46605 Medium Clipboard operations via script must be disallowed (Restricted Sites zone).
V-46603 Medium Active scripting must be disallowed (Restricted Sites Zone).
V-46569 Medium Legacy filter functionality must be disallowed (Restricted Sites zone).
V-46601 Medium Rule Title: Userdata persistence must be disallowed (Restricted Sites zone).
V-46599 Medium Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
V-46893 Medium ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).
V-46593 Medium Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
V-46591 Medium The Allow META REFRESH property must be disallowed (Restricted Sites zone).
V-46897 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
V-46597 Medium Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
V-46895 Medium Cross-Site Scripting (XSS) Filter property must be enforced (Restricted Sites zone).
V-46595 Medium Installation of desktop items must be disallowed (Restricted Sites zone).
V-46513 Medium Launching programs and files in IFRAME must be disallowed (Internet zone).
V-46511 Medium Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
V-46517 Medium Userdata persistence must be disallowed (Internet zone).
V-46515 Medium Navigating windows and frames across different domains must be disallowed (Internet zone).
V-46691 Medium Pop-up Blocker must be enforced (Restricted Sites zone).
V-46693 Medium Websites in less privileged web content zones must be prevented from navigating into the Internet zone.
V-46695 Medium Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.
V-46801 Medium Scripting of Java applets must be disallowed (Restricted Sites zone).
V-46679 Medium First-Run prompt ability must be disallowed (Restricted Sites zone).
V-46803 Medium The URL to be displayed for checking updates to Internet Explorer and Internet Tools must be about:blank.
V-46571 Medium Internet Explorer accelerator functionality must be disallowed.
V-46573 Medium The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).
V-46673 Medium MIME sniffing must be disallowed (Internet zone).
V-46677 Medium First-Run prompt ability must be disallowed (Internet zone).
V-46579 Medium ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
V-46675 Medium MIME sniffing must be disallowed (Restricted Sites zone).
V-46717 Medium Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
V-46927 Medium Scriptlets must be disallowed (Restricted Sites zone).
V-46921 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).
V-46889 Medium Security Warning for unsafe files must be disallowed (Restricted Sites zone).
V-46685 Medium Protected Mode must be enforced (Restricted Sites zone).
V-46681 Medium Protected Mode must be enforced (Internet zone).
V-46883 Medium Scripting of Internet Explorer WebBrowser control must be disallowed (Restricted Sites zone).
V-46885 Medium When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
V-46689 Medium Pop-up Blocker must be enforced (Internet zone).
V-46669 Medium XAML files must be disallowed (Restricted Sites zone).
V-46543 Medium Java permissions must be configured with High Safety (Trusted Sites zone).
V-46555 Medium Dragging of content from different domains within a window must be disallowed (Restricted Sites zone).
V-46545 Medium Dragging of content from different domains within a window must be disallowed (Internet zone).
V-46701 Medium Allow binary and script behaviors must be disallowed (Restricted Sites zone).
V-46549 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
V-46661 Medium Java permissions must be disallowed (Locked Down Internet zone).
V-46663 Medium Java permissions must be disallowed (Locked Down Restricted Sites zone).
V-46665 Medium XAML files must be disallowed (Internet zone).
V-46709 Medium Internet Explorer Processes for MIME handling is not enabled. (Reserved)
V-46553 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (IExplore).
V-46939 Medium Status bar updates via script must be disallowed (Restricted Sites zone).
V-47003 Medium Antimalware programs against ActiveX controls must be run for the Local Machine zone.
V-47005 Medium Antimalware programs against ActiveX controls must be run for the Restricted Sites zone.
V-46475 Medium The Internet Explorer warning about certificate address mismatch must be enforced.
V-47009 Medium Antimalware programs against ActiveX controls must be run for the Trusted Sites zone.
V-46471 Medium First Run Wizard settings must be established for a home page.
V-46779 Medium Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
V-46715 Medium Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
V-46829 Medium Browser must retain history on exit.
V-46711 Medium Internet Explorer Processes for MIME handling must be enforced (Explorer).
V-46559 Medium Displaying of the reveal password button must be disallowed.
V-46557 Medium URL Suggestions must be disallowed.
V-46821 Medium Add-on performance notifications must be disallowed.
V-46719 Medium Internet Explorer Processes for MIME sniffing must be enforced (IExplore).
V-46825 Medium Browser Geolocation functionality must be disallowed.
V-46713 Medium Internet Explorer Processes for MIME handling must be enforced (IExplore).
V-46903 Medium Status bar updates via script must be disallowed (Internet zone).
V-46907 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).
V-46975 Medium When enhanced protected mode is enabled, ActiveX controls must be disallowed to run in protected mode.
V-46981 Medium Dragging of content from different domains across windows must be disallowed (Internet zone).
V-46547 Medium Dragging of content from different domains across windows must be disallowed (Restricted Sites zone).
V-46987 Medium Enhanced protected mode functionality must be enforced.
V-46989 Medium Microsoft services to provide enhanced suggestions as the user types in the Address bar must be disallowed.
V-46789 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
V-46787 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
V-46781 Medium Internet Explorer Processes for Restrict File Download must be enforced (IExplore).
V-46721 Medium Internet Explorer Processes for MK protocol must be enforced (Reserved).
V-46723 Medium Internet Explorer Processes for MK protocol must be enforced (Explorer).
V-46725 Medium Internet Explorer Processes for MK protocol must be enforced (IExplore).
V-46481 Medium The Download signed ActiveX controls property must be disallowed (Internet zone).
V-46727 Medium Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
V-46483 Medium The Download unsigned ActiveX controls property must be disallowed (Internet zone).
V-46729 Medium Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
V-46521 Medium Clipboard operations via script must be disallowed (Internet zone).
V-46525 Medium Java permissions must be configured with High Safety (Intranet zone).
V-46833 Medium Suggested Sites functionality must be disallowed.
V-46859 Medium Security Warning for unsafe files must be set to prompt (Internet zone).
V-46857 Medium Internet Explorer Processes for Notification Bars must be enforced (Reserved).
V-46853 Medium When uploading files to a server, the local directory path must be excluded (Internet zone).
V-46851 Medium ActiveX opt-in prompt must be disallowed.
V-46999 Medium Antimalware programs against ActiveX controls must be run for the Intranett zone.
V-46997 Medium Antimalware programs against ActiveX controls must be run for the Internet zone.
V-46995 Medium The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.
V-46799 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-46653 Medium Java permissions must be disallowed (Locked Down Trusted Sites zone).
V-46797 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-46791 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (IExplore).
V-46631 Low Internet Explorer must be configured to make proxy settings per user.
V-46809 Low Ability for users to enable or disable add-ons must be enforced.
V-46823 Low Updates to website lists from Microsoft must be disallowed.