UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Internet Explorer 11 Security Technical Implementation Guide


Overview

Date Finding Count (138)
2017-06-19 CAT I (High): 0 CAT II (Med): 137 CAT III (Low): 1
STIG Description
The Microsoft Internet Explorer 11 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-46637 Medium Script-initiated windows without size or position constraints must be disallowed (Internet zone).
V-46635 Medium All network paths (UNCs) for Intranet sites must be disallowed.
V-46633 Medium Checking for signatures on downloaded programs must be enforced.
V-46575 Medium The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).
V-46733 Medium Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
V-46639 Medium Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
V-46731 Medium Internet Explorer Processes for Zone Elevation must be enforced (iexplore).
V-46849 Medium Scripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).
V-46847 Medium InPrivate Browsing must be disallowed.
V-46841 Medium Deleting websites that the user has visited must be disallowed.
V-72763 Medium Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Restricted Sites Zone.
V-46573 Medium The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).
V-64729 Medium Allow Fallback to SSL 3.0 (Internet Explorer) must be disabled.
V-46643 Medium Automatic prompting for file downloads must be disallowed (Internet zone).
V-46641 Medium Scriptlets must be disallowed (Internet zone).
V-46647 Medium Java permissions must be disallowed (Locked Down Local Machine zone).
V-46645 Medium Java permissions must be disallowed (Local Machine zone).
V-64721 Medium Turn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled.
V-64723 Medium The Initialize and script ActiveX controls not marked as safe must be disallowed (Intranet Zone).
V-46649 Medium Java permissions must be disallowed (Locked Down Intranet zone).
V-64725 Medium The Initialize and script ActiveX controls not marked as safe must be disallowed (Trusted Sites Zone).
V-46625 Medium Software must be disallowed to run or install with invalid signatures.
V-46621 Medium Security checking features must be enforced.
V-46629 Medium Checking for server certificate revocation must be enforced.
V-46879 Medium Cross-Site Scripting Filter must be enforced (Internet zone).
V-72759 Medium Enabling outdated ActiveX controls for Internet Explorer must be blocked.
V-46865 Medium ActiveX controls without prompt property must be used in approved domains only (Internet zone).
V-46615 Medium Internet Explorer must be set to disallow users to add/delete sites.
V-46617 Medium Internet Explorer must be configured to disallow users to change policies.
V-46861 Medium Internet Explorer Processes for Notification Bars must be enforced (Explorer).
V-46619 Medium Internet Explorer must be configured to use machine settings.
V-46869 Medium Internet Explorer Processes for Notification Bars must be enforced (iexplore).
V-46589 Medium Accessing data sources across domains must be disallowed (Restricted Sites zone).
V-46585 Medium Font downloads must be disallowed (Restricted Sites zone).
V-46587 Medium Java permissions must be disallowed (Restricted Sites zone).
V-46581 Medium ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
V-46583 Medium File downloads must be disallowed (Restricted Sites zone).
V-46505 Medium Font downloads must be disallowed (Internet zone).
V-46729 Medium Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
V-46507 Medium The Java permissions must be disallowed (Internet zone).
V-46501 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
V-46509 Medium Accessing data sources across domains must be disallowed (Internet zone).
V-46811 Medium Crash Detection management must be enforced.
V-46815 Medium Turn on the auto-complete feature for user names and passwords on forms must be disabled.
V-46609 Medium Configuring History setting must be set to 40 days.
V-46607 Medium Logon options must be configured and enforced (Restricted Sites zone).
V-46819 Medium Managing SmartScreen Filter use must be enforced.
V-46605 Medium Clipboard operations via script must be disallowed (Restricted Sites zone).
V-46603 Medium Active scripting must be disallowed (Restricted Sites Zone).
V-46601 Medium Userdata persistence must be disallowed (Restricted Sites zone).
V-46599 Medium Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
V-46893 Medium ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).
V-46593 Medium Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
V-46591 Medium The Allow META REFRESH property must be disallowed (Restricted Sites zone).
V-46897 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
V-46597 Medium Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
V-46895 Medium Cross-Site Scripting Filter property must be enforced (Restricted Sites zone).
V-46513 Medium Launching programs and files in IFRAME must be disallowed (Internet zone).
V-46511 Medium Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
V-46517 Medium Userdata persistence must be disallowed (Internet zone).
V-46515 Medium Navigating windows and frames across different domains must be disallowed (Internet zone).
V-46691 Medium Pop-up Blocker must be enforced (Restricted Sites zone).
V-46693 Medium Websites in less privileged web content zones must be prevented from navigating into the Internet zone.
V-46695 Medium Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.
V-46801 Medium Scripting of Java applets must be disallowed (Restricted Sites zone).
V-46577 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).
V-46807 Medium AutoComplete feature for forms must be disallowed.
V-46579 Medium ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
V-46717 Medium Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
V-46927 Medium Scriptlets must be disallowed (Restricted Sites zone).
V-46921 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).
V-46889 Medium Security Warning for unsafe files must be disallowed (Restricted Sites zone).
V-46685 Medium Protected Mode must be enforced (Restricted Sites zone).
V-46681 Medium Protected Mode must be enforced (Internet zone).
V-46883 Medium Scripting of Internet Explorer WebBrowser Control must be disallowed (Restricted Sites zone).
V-46885 Medium When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
V-46689 Medium Pop-up Blocker must be enforced (Internet zone).
V-46669 Medium XAML files must be disallowed (Restricted Sites zone).
V-46543 Medium Java permissions must be configured with High Safety (Trusted Sites zone).
V-46545 Medium Dragging of content from different domains within a window must be disallowed (Internet zone).
V-46701 Medium Allow binary and script behaviors must be disallowed (Restricted Sites zone).
V-46549 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
V-46663 Medium Java permissions must be disallowed (Locked Down Restricted Sites zone).
V-46665 Medium XAML files must be disallowed (Internet zone).
V-46709 Medium Internet Explorer Processes for MIME handling must be enforced. (Reserved)
V-46553 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (iexplore).
V-46939 Medium Status bar updates via script must be disallowed (Restricted Sites zone).
V-47003 Medium Anti-Malware programs against ActiveX controls must be run for the Local Machine zone.
V-72757 Medium Run once selection for running outdated ActiveX controls must be disabled.
V-47005 Medium Anti-Malware programs against ActiveX controls must be run for the Restricted Sites zone.
V-46475 Medium The Internet Explorer warning about certificate address mismatch must be enforced.
V-47009 Medium Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.
V-46705 Medium Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
V-46473 Medium Turn off Encryption Support must be enabled.
V-46779 Medium Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
V-75169 Medium VBScript must not be allowed to run in Internet Explorer (Internet zone).
V-46715 Medium Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
V-46829 Medium Browser must retain history on exit.
V-46711 Medium Internet Explorer Processes for MIME handling must be enforced (Explorer).
V-46713 Medium Internet Explorer Processes for MIME handling must be enforced (iexplore).
V-46555 Medium Dragging of content from different domains within a window must be disallowed (Restricted Sites zone).
V-46719 Medium Internet Explorer Processes for MIME sniffing must be enforced (iexplore).
V-46903 Medium Status bar updates via script must be disallowed (Internet zone).
V-46907 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).
V-46975 Medium When Enhanced Protected Mode is enabled, ActiveX controls must be disallowed to run in Protected Mode.
V-46981 Medium Dragging of content from different domains across windows must be disallowed (Internet zone).
V-46547 Medium Dragging of content from different domains across windows must be disallowed (Restricted Sites zone).
V-46987 Medium Enhanced Protected Mode functionality must be enforced.
V-72761 Medium Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Internet Zone.
V-75171 Medium VBScript must not be allowed to run in Internet Explorer (Restricted Sites zone).
V-46789 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
V-46787 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
V-46781 Medium Internet Explorer Processes for Restrict File Download must be enforced (iexplore).
V-46799 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-46721 Medium Internet Explorer Processes for MK protocol must be enforced (Reserved).
V-46723 Medium Internet Explorer Processes for MK protocol must be enforced (Explorer).
V-46725 Medium Internet Explorer Processes for MK protocol must be enforced (iexplore).
V-46481 Medium The Download signed ActiveX controls property must be disallowed (Internet zone).
V-46727 Medium Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
V-46483 Medium The Download unsigned ActiveX controls property must be disallowed (Internet zone).
V-46523 Medium Logon options must be configured to prompt (Internet zone).
V-46521 Medium Clipboard operations via script must be disallowed (Internet zone).
V-46525 Medium Java permissions must be configured with High Safety (Intranet zone).
V-46859 Medium Security Warning for unsafe files must be set to prompt (Internet zone).
V-46857 Medium Internet Explorer Processes for Notification Bars must be enforced (Reserved).
V-46853 Medium When uploading files to a server, the local directory path must be excluded (Internet zone).
V-46797 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-46999 Medium Anti-Malware programs against ActiveX controls must be run for the Intranet zone.
V-46997 Medium Anti-Malware programs against ActiveX controls must be run for the Internet zone.
V-46995 Medium The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.
V-46791 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (iexplore).
V-64719 Medium Turn on SmartScreen Filter scan option for the Internet Zone must be enabled.
V-46653 Medium Java permissions must be disallowed (Locked Down Trusted Sites zone).
V-64715 Medium Prevent per-user installation of ActiveX controls must be enabled.
V-64717 Medium Prevent ignoring certificate errors option must be enabled.
V-64711 Medium Prevent bypassing SmartScreen Filter warnings must be enabled.
V-64713 Medium Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet must be enabled.
V-46477 Low Check for publishers certificate revocation must be enforced.