Microsoft Internet Explorer 9 Security Technical Implementation Guide


Overview

Date: 2015-12-17
Finding Count (135): CAT I (High): 1, CAT II (Med): 131, CAT III (Low): 3
STIG Description
Settings in this guidance assume a complete installation of Microsoft Internet Explorer 9 on the Windows 7 Platform. Registry paths and values identified in each control assume the use of Group Policy Administrative Templates. Installations not using Group Policies to administer Microsoft Browser products may observe alternate registry paths for stored configuration values.

Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-64785 High The installed version of IE must be a supported version.
V-15500 Medium Third-party browser extensions must be disallowed.
V-15503 Medium Checking for signatures on downloaded programs must be enforced.
V-15502 Medium Checking for server certificate revocation must be enforced.
V-15504 Medium All network paths (UNCs) for Intranet sites must be disallowed.
V-15507 Medium Script-initiated windows without size or position constraints must be disallowed (Internet zone).
V-15509 Medium Scriptlets must be disallowed (Internet zone).
V-6262 Medium Logon options must be configured to prompt (Internet zone).
V-6260 Medium Clipboard operations via script must be disallowed (Internet zone).
V-6267 Medium Java Permissions must be configured with High Safety (Intranet zone).
V-22171 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
V-15508 Medium Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
V-15518 Medium Java permissions must be disallowed (Locked Down Trusted Sites zone).
V-15519 Medium Java permissions must be disallowed (Locked Down Internet zone).
V-15516 Medium Java permissions must be disallowed (Locked Down Local Machine zone).
V-15517 Medium Java permissions must be disallowed (Locked Down Intranet zone).
V-15515 Medium Java permissions must be disallowed (Local Machine zone).
V-15513 Medium Automatic prompting for file downloads must be disallowed (Internet zone).
V-22108 Medium Managing SmartScreen Filter use must be enforced.
V-6297 Medium Accessing data sources across domains must be disallowed (Restricted Sites zone).
V-6294 Medium File downloads must be disallowed (Restricted Site zone).
V-6295 Medium Font downloads must be disallowed (Restricted Site zone).
V-6292 Medium ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
V-6293 Medium ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
V-6290 Medium The Download unsigned ActiveX controls property must be disallowed (Restricted Site zone).
V-6291 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Site zone).
V-6298 Medium The Allow META REFRESH property must be disallowed (Restricted Sites zone).
V-15581 Medium AutoComplete feature for user names and passwords on forms must be disallowed.
V-6301 Medium Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
V-15569 Medium Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
V-15568 Medium Internet Explorer Processes for MK protocol must be enforced (Reserved).
V-6302 Medium Installation of desktop items must be disallowed (Restricted Sites zone).
V-15563 Medium The URL to be displayed for checking updates to Internet Explorer and Internet Tools must be about:blank.
V-15562 Medium Scripting of Java applets must be disallowed (Restricted Sites zone).
V-15561 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Site Zone).
V-22636 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet Zone).
V-15566 Medium Internet Explorer Processes for MIME handling must be enforced (IExplore).
V-15565 Medium Internet Explorer Processes for MIME handling must be enforced (Explorer).
V-15564 Medium The update check interval must be configured and set to 30 days.
V-6281 Medium The Java Permissions must be set with High Safety (Trusted Sites zone).
V-6289 Medium The Download signed ActiveX controls property must be disallowed (Restricted Site zone).
V-15579 Medium Crash Detection must be enforced.
V-22688 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (IExplore).
V-15570 Medium Internet Explorer Processes for Zone Elevation must be enforced (IExplore).
V-15571 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
V-15572 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (IExplore).
V-22687 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
V-15574 Medium AutoComplete feature for forms must be disallowed.
V-15575 Medium External branding feature of Internet Explorer must be disallowed.
V-6238 Medium The IE TLS parameter must be set correctly.
V-6239 Medium The IE warning about certificate address mismatch must be enforced.
V-6243 Medium The Download signed ActiveX controls property must be disallowed (Internet zone).
V-6228 Medium The IE home page is not set to blank or a trusted site.
V-6304 Medium Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
V-6307 Medium Userdata persistence must be disallowed (Restricted Sites zone).
V-22635 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet Zone).
V-22634 Medium Status bar updates via script must be disallowed (Internet zone).
V-22637 Medium Scriptlets must be disallowed (Restricted Site zone).
V-6303 Medium Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
V-22638 Medium Status bar updates via script must be disallowed (Restricted Site zone).
V-6308 Medium Active scripting must be disallowed (Restricted Sites Zone).
V-6309 Medium Clipboard operations via script must be disallowed (Restricted Sites zone).
V-6244 Medium The Download unsigned ActiveX controls property must be disallowed (Internet zone).
V-3428 Medium Internet Explorer must be configured to disallow users to change policies.
V-3429 Medium Internet Explorer must be set to disallow users to add/delete sites.
V-3427 Medium Internet Explorer must be configured to use machine settings.
V-15604 Medium Internet Explorer Processes for MIME sniffing must be enforced (IExplore).
V-6253 Medium Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
V-6250 Medium Accessing data sources across domains must be disallowed (Internet zone).
V-15560 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Site Zone).
V-6256 Medium Navigating windows and frames across different domains must be disallowed (Internet zone).
V-6255 Medium Launching programs and files in IFRAME must be disallowed (Internet zone).
V-6259 Medium Userdata persistence must be disallowed (Internet zone).
V-7007 Medium Java Permissions must be disallowed (Restricted Sites zone).
V-6311 Medium Logon options must be configured and enforced (Restricted Sites zone).
V-15603 Medium Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
V-15528 Medium Protected Mode must be enforced (Restricted Sites zone).
V-22149 Medium Deleting web sites that the user has visited must be disallowed.
V-22148 Medium Browser must retain history on exit.
V-15545 Medium Allow binary and script behaviors must be disallowed (Restricted Sites zone).
V-15546 Medium Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
V-6245 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
V-15549 Medium Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
V-15548 Medium Internet Explorer Processes for MIME handling must be enforced (Reserved).
V-15527 Medium Protected Mode must be enforced (Internet zone).
V-15526 Medium First-Run Opt-In ability must be disallowed (Restricted Sites zone).
V-15525 Medium First-Run Opt-In ability must be disallowed (Internet zone).
V-15524 Medium MIME sniffing must be disallowed (Restricted Sites zone).
V-15523 Medium MIME sniffing must be disallowed (Internet zone).
V-15522 Medium Loose XAML files must be disallowed (Restricted Sites zone).
V-15521 Medium Loose XAML files must be disallowed (Internet zone).
V-15520 Medium Java permissions must be disallowed (Locked Down Restricted Sites zone).
V-6249 Medium The Java Permissions must be disallowed (Internet zone).
V-6248 Medium Font downloads must be disallowed (Internet zone).
V-15529 Medium Pop-up Blocker must be enforced (Internet zone).
V-32808 Medium Check for publishers certificate revocation must be enforced.
V-22154 Medium Launching programs and unsafe files property must be set to prompt (Internet zone).
V-22155 Medium ActiveX controls without prompt property must be used in approved domains only (Internet zone).
V-22156 Medium Cross-Site Scripting (XSS) Filter must be enforced (Internet zone).
V-22157 Medium Scripting of Internet Explorer Web Browser Control must be disallowed (Restricted Sites zone).
V-22150 Medium InPrivate Browsing must be disallowed.
V-22152 Medium Scripting of Internet Explorer web browser control property must be disallowed (Internet zone).
V-22153 Medium When uploading files to a server, the local directory path must be excluded (Internet zone).
V-22158 Medium When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
V-22159 Medium Launching programs and unsafe files property must be set to prompt (Restricted Site zone).
V-15492 Medium Participation in the Customer Experience Improvement Program must be disallowed.
V-15490 Medium Automatic configuration of Internet Explorer must be disallowed.
V-15497 Medium Active content from CDs must be disallowed to run on user machines.
V-15494 Medium Security checking features must be enforced.
V-15499 Medium Software must be disallowed to run or install with invalid signatures.
V-15552 Medium Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
V-15550 Medium Internet Explorer Processes for MK protocol must be enforced (Explorer).
V-15551 Medium Internet Explorer Processes for MK protocol must be enforced (IExplore).
V-15556 Medium Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
V-15557 Medium Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
V-15558 Medium Internet Explorer Processes for Restrict File Download must be enforced (IExplore).
V-15559 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
V-30780 Medium Internet Explorer Processes for notification bars must be enforced (Explorer).
V-30781 Medium Internet Explorer Processes for notification bars must be enforced (IExplore).
V-15534 Medium Web sites in less privileged web content zones must be disallowed to navigate into the Restricted Site zone.
V-15530 Medium Pop-up Blocker must be enforced (Restricted Sites zone).
V-15533 Medium Web sites in less privileged web content zones must be disallowed to navigate into the Internet zone.
V-22161 Medium Cross-Site Scripting (XSS) Filter property must be enforced (Restricted Site zone).
V-22160 Medium ActiveX controls without prompt property must be used in approved domains only (Restricted Site zone).
V-30777 Medium Automatic checking for Internet Explorer updates must be disallowed.
V-30776 Medium Suggested Sites functionality must be disallowed.
V-30775 Medium Browser Geolocation functionality must be disallowed.
V-30774 Medium Add-on performance notifications must be disallowed.
V-30779 Medium Internet Explorer Processes for notification bars must be enforced (Reserved).
V-30778 Medium ActiveX opt-in prompt must be disallowed.
V-17296 Medium First Run Customize settings must be enabled as home page.
V-21887 Medium Configuring History setting must be set to 40 days.
V-14245 Low Ability for users to enable or disable add-ons must be enforced.
V-3430 Low Internet Explorer must be configured to make Proxy settings per user.
V-22147 Low Updates to web site lists from Microsoft must be disallowed.