UCF STIG Viewer Logo

Browser Geolocation functionality must be disallowed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-30775 DTBI755 SV-40757r1_rule ECSC-1 Medium
Description
This setting has a small impact on user privacy because users may unknowingly allow their browser to share location data with web sites that they visit. The value of enabling this setting is diminished due to the fact that malicious web sites can learn a great deal about the location of a user merely by analyzing their IP address. If you enable this policy setting, browser geolocation support will be turned off. If you disable this policy setting, browser geolocation will be turned on. If you do not configure this setting, browser geolocation support can be turned on or off in Internet Options on the Privacy Tab.
STIG Date
Microsoft Internet Explorer 9 Security Technical Implementation Guide 2015-12-17

Details

Check Text ( C-39502r2_chk )
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Disable Browser Geolocation" must be “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Internet Explorer\Geolocation

Criteria: If the value PolicyDisableGeolocation is REG_DWORD = 1, this is not a finding.
Fix Text (F-34708r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> "Disable Browser Geolocation" to “Enabled”.