Prevent the Deletion of Browsing Data
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57671 | DTBF-0026 | SV-72081r1_rule | Medium |
| Description |
|---|
| When a browser accesses a website, a record containing history data must be made that attributes the access to a user and contains, at a minimum, the URL of the site visited and the time and date of the visit. If site visit information is not maintained then this circumvents the security requirements which specify that all user activity must be attributable to the individual user. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58493r2_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference names are set and locked. “privacy.item.history”, set to “false”; “privacy.item.cache”, set to “false”. Criteria: If the values of the listed Preferences are not set and locked to these settings, then this is a finding. |
| Fix Text (F-62873r1_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: “privacy.item.history”, set to “false”; “privacy.item.cache”, set to “false”. |