UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Microsoft Internet Explorer 11 Security Technical Implementation Guide


Overview

Date Finding Count (137)
2023-12-01 CAT I (High): 1 CAT II (Med): 133 CAT III (Low): 3
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-252910 High The version of Internet Explorer running on the system must be a supported version.
V-223073 Medium Internet Explorer must be configured to disallow users to change policies.
V-223072 Medium Internet Explorer must be set to disallow users to add/delete sites.
V-223109 Medium Internet Explorer Processes for MK protocol must be enforced (iexplore).
V-223070 Medium Logon options must be configured and enforced (Restricted Sites zone).
V-223077 Medium The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.
V-223076 Medium Software must be disallowed to run or install with invalid signatures.
V-223075 Medium Security checking features must be enforced.
V-223074 Medium Internet Explorer must be configured to use machine settings.
V-223103 Medium Internet Explorer Processes for MIME handling must be enforced (iexplore).
V-223102 Medium Internet Explorer Processes for MIME handling must be enforced (Explorer).
V-223079 Medium Checking for signatures on downloaded programs must be enforced.
V-223107 Medium Internet Explorer Processes for MK protocol must be enforced (Reserved).
V-223106 Medium Internet Explorer Processes for MIME sniffing must be enforced (iexplore).
V-223105 Medium Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
V-223104 Medium Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
V-223046 Medium The Initialize and script ActiveX controls not marked as safe must be disallowed (Trusted Sites Zone).
V-223044 Medium Turn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled.
V-223045 Medium The Initialize and script ActiveX controls not marked as safe must be disallowed (Intranet Zone).
V-223042 Medium Prevent ignoring certificate errors option must be enabled.
V-223043 Medium Turn on SmartScreen Filter scan option for the Internet Zone must be enabled.
V-223138 Medium When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
V-223041 Medium Prevent per-user installation of ActiveX controls must be enabled.
V-223136 Medium Cross-Site Scripting Filter must be enforced (Internet zone).
V-223137 Medium Scripting of Internet Explorer WebBrowser Control must be disallowed (Restricted Sites zone).
V-223134 Medium ActiveX controls without prompt property must be used in approved domains only (Internet zone).
V-223135 Medium Internet Explorer Processes for Notification Bars must be enforced (iexplore).
V-223132 Medium Security Warning for unsafe files must be set to prompt (Internet zone).
V-223133 Medium Internet Explorer Processes for Notification Bars must be enforced (Explorer).
V-223130 Medium When uploading files to a server, the local directory path must be excluded (Internet zone).
V-223131 Medium Internet Explorer Processes for Notification Bars must be enforced (Reserved).
V-223059 Medium ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
V-223058 Medium ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
V-223048 Medium Run once selection for running outdated ActiveX controls must be disabled.
V-223051 Medium The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).
V-223050 Medium Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Internet Zone.
V-223053 Medium VBScript must not be allowed to run in Internet Explorer (Internet zone).
V-223052 Medium Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Restricted Sites Zone.
V-223055 Medium VBScript must not be allowed to run in Internet Explorer (Restricted Sites zone).
V-223054 Medium The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).
V-223057 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).
V-223121 Medium Scripting of Java applets must be disallowed (Restricted Sites zone).
V-223120 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-223123 Medium Crash Detection management must be enforced.
V-223122 Medium AutoComplete feature for forms must be disallowed.
V-223125 Medium Managing SmartScreen Filter use must be enforced.
V-223124 Medium Turn on the auto-complete feature for user names and passwords on forms must be disabled.
V-223127 Medium Deleting websites that the user has visited must be disallowed.
V-223126 Medium Browser must retain history on exit.
V-223129 Medium Scripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).
V-223128 Medium InPrivate Browsing must be disallowed.
V-223071 Medium Configuring History setting must be set to 40 days.
V-223108 Medium Internet Explorer Processes for MK protocol must be enforced (Explorer).
V-223028 Medium Java permissions must be configured with High Safety (Intranet zone).
V-223029 Medium Anti-Malware programs against ActiveX controls must be run for the Intranet zone.
V-223024 Medium Navigating windows and frames across different domains must be disallowed (Internet zone).
V-223025 Medium Userdata persistence must be disallowed (Internet zone).
V-223026 Medium Clipboard operations via script must be disallowed (Internet zone).
V-223027 Medium Logon options must be configured to prompt (Internet zone).
V-223020 Medium The Java permissions must be disallowed (Internet zone).
V-223021 Medium Accessing data sources across domains must be disallowed (Internet zone).
V-223022 Medium Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
V-223023 Medium Launching programs and files in IFRAME must be disallowed (Internet zone).
V-223040 Medium Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet must be enabled.
V-223060 Medium File downloads must be disallowed (Restricted Sites zone).
V-223139 Medium Security Warning for unsafe files must be disallowed (Restricted Sites zone).
V-223101 Medium Internet Explorer Processes for MIME handling must be enforced. (Reserved)
V-223100 Medium Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
V-223039 Medium Prevent bypassing SmartScreen Filter warnings must be enabled.
V-223038 Medium Anti-Malware programs against ActiveX controls must be run for the Restricted Sites zone.
V-223037 Medium Anti-Malware programs against ActiveX controls must be run for the Internet zone.
V-223036 Medium Dragging of content from different domains within a window must be disallowed (Restricted Sites zone).
V-223035 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (iexplore).
V-223034 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
V-223033 Medium Dragging of content from different domains across windows must be disallowed (Restricted Sites zone).
V-223032 Medium Dragging of content from different domains within a window must be disallowed (Internet zone).
V-223031 Medium Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.
V-223030 Medium Java permissions must be configured with High Safety (Trusted Sites zone).
V-223147 Medium Status bar updates via script must be disallowed (Restricted Sites zone).
V-223146 Medium Scriptlets must be disallowed (Restricted Sites zone).
V-223145 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).
V-223144 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).
V-223143 Medium Status bar updates via script must be disallowed (Internet zone).
V-223142 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
V-223141 Medium Cross-Site Scripting Filter property must be enforced (Restricted Sites zone).
V-223140 Medium ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).
V-223149 Medium Dragging of content from different domains across windows must be disallowed (Internet zone).
V-223148 Medium When Enhanced Protected Mode is enabled, ActiveX controls must be disallowed to run in Protected Mode.
V-250541 Medium Allow Fallback to SSL 3.0 (Internet Explorer) must be disabled.
V-250540 Medium Turn off Encryption Support must be enabled.
V-223061 Medium Java permissions must be disallowed (Restricted Sites zone).
V-223088 Medium Java permissions must be disallowed (Locked Down Intranet zone).
V-223089 Medium Java permissions must be disallowed (Locked Down Trusted Sites zone).
V-223082 Medium Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
V-223083 Medium Scriptlets must be disallowed (Internet zone).
V-223080 Medium All network paths (UNCs) for Intranet sites must be disallowed.
V-223081 Medium Script-initiated windows without size or position constraints must be disallowed (Internet zone).
V-223086 Medium Anti-Malware programs against ActiveX controls must be run for the Local Machine zone.
V-223087 Medium Java permissions must be disallowed (Locked Down Local Machine zone).
V-223084 Medium Automatic prompting for file downloads must be disallowed (Internet zone).
V-223085 Medium Java permissions must be disallowed (Local Machine zone).
V-223068 Medium Active scripting must be disallowed (Restricted Sites Zone).
V-223069 Medium Clipboard operations via script must be disallowed (Restricted Sites zone).
V-223015 Medium The Internet Explorer warning about certificate address mismatch must be enforced.
V-223017 Medium The Download signed ActiveX controls property must be disallowed (Internet zone).
V-223019 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
V-223018 Medium The Download unsigned ActiveX controls property must be disallowed (Internet zone).
V-223099 Medium Allow binary and script behaviors must be disallowed (Restricted Sites zone).
V-223098 Medium Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.
V-223095 Medium Pop-up Blocker must be enforced (Internet zone).
V-223094 Medium Protected Mode must be enforced (Restricted Sites zone).
V-223097 Medium Websites in less privileged web content zones must be prevented from navigating into the Internet zone.
V-223096 Medium Pop-up Blocker must be enforced (Restricted Sites zone).
V-223091 Medium XAML files must be disallowed (Internet zone).
V-223090 Medium Java permissions must be disallowed (Locked Down Restricted Sites zone).
V-223093 Medium Protected Mode must be enforced (Internet zone).
V-223092 Medium XAML files must be disallowed (Restricted Sites zone).
V-223049 Medium Enabling outdated ActiveX controls for Internet Explorer must be blocked.
V-223118 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (iexplore).
V-223119 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-223062 Medium Accessing data sources across domains must be disallowed (Restricted Sites zone).
V-223063 Medium The Allow META REFRESH property must be disallowed (Restricted Sites zone).
V-223064 Medium Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
V-223065 Medium Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
V-223066 Medium Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
V-223067 Medium Userdata persistence must be disallowed (Restricted Sites zone).
V-223110 Medium Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
V-223111 Medium Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
V-223112 Medium Internet Explorer Processes for Zone Elevation must be enforced (iexplore).
V-223113 Medium Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
V-223114 Medium Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
V-223115 Medium Internet Explorer Processes for Restrict File Download must be enforced (iexplore).
V-223116 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
V-223117 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
V-223078 Low Checking for server certificate revocation must be enforced.
V-223056 Low Internet Explorer Development Tools Must Be Disabled.
V-223016 Low Check for publishers certificate revocation must be enforced.