CIS IE 11 v1.0.0

Audit Details

Name: CIS IE 11 v1.0.0

Updated: 4/25/2022

Authority: CIS

Plugin: Windows

Revision: 1.22

Estimated Item Count: 157

File Details

Filename: CIS_IE11_v1.0.0.audit

Size: 330 kB

MD5: d104fa29ab4610c5153f8dd184ff3039
SHA256: a2ee87756b4f4f87bd5e358d4846f29d2d9f6164bb725d36574bb97df132d57d

Audit Items

DescriptionCategories
1.1 Set 'Turn on Enhanced Protected Mode' to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.2 Set 'Allow software to run or install even if the signature is invalid' to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.3 Set 'Prevent Bypassing SmartScreen Filter Warnings' to 'Enabled'
1.4 Set 'Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet' to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.5 Configure 'Do not allow users to enable or disable add-ons'

ACCESS CONTROL

1.6 Set 'Disable Save this program to disk option' to 'Enabled'

ACCESS CONTROL

2.1 Set 'Prevent per-user installation of ActiveX controls' to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 Set 'Specify use of ActiveX Installer Service for installation of ActiveX controls' to 'Enabled'

CONFIGURATION MANAGEMENT

2.3 Set 'Turn on ActiveX Filtering' to 'Enabled'

CONFIGURATION MANAGEMENT

2.4 Set 'Turn off ActiveX opt-in prompt' to 'Disabled'

CONFIGURATION MANAGEMENT

2.5 Set 'Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled' to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Configure 'Prevent deleting websites that the user has visited'

ACCESS CONTROL

3.2 Configure 'Prevent Deleting Cookies'

ACCESS CONTROL

3.3 Set 'Disable 'Configuring History' to 'Enabled'

AUDIT AND ACCOUNTABILITY

3.4 Set 'Days to keep pages in History' to '40'

CONFIGURATION MANAGEMENT

3.5 Configure 'Prevent Deleting Temporary Internet Files'

ACCESS CONTROL

3.6 Configure 'Allow deleting browsing history on exit'

CONFIGURATION MANAGEMENT

3.7 Set 'Prevent access to Delete Browsing History' to 'Enabled'

ACCESS CONTROL

3.8 Configure 'Turn off InPrivate Browsing'

CONFIGURATION MANAGEMENT

4.1 Configure 'URL to be displayed for updates:'

SYSTEM AND INFORMATION INTEGRITY

4.2 Set 'Update check interval (in days):' to 'Enabled:30'

SYSTEM AND INFORMATION INTEGRITY

4.3 Configure 'Automatically check for Internet Explorer updates'

SYSTEM AND INFORMATION INTEGRITY

4.4 Configure 'Install new versions of Internet Explorer automatically'

SYSTEM AND INFORMATION INTEGRITY

5.1 Set 'Turn off Encryption Support' to 'Use TLS 1.1 and TLS 1.2'

SYSTEM AND COMMUNICATIONS PROTECTION

5.2 Set 'Check for server certificate revocation' to 'Enabled'

IDENTIFICATION AND AUTHENTICATION

5.3 Set 'Check for signatures on downloaded programs' to 'Enabled'

CONFIGURATION MANAGEMENT

5.4 Set 'Turn on certificate address mismatch warning' to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

5.5 Set 'Prevent ignoring certificate errors' to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

5.6 Set 'Disable changing certificate settings' to 'Enabled'

ACCESS CONTROL

6.1 Set 'Turn off browser geolocation' to 'Enabled'

CONFIGURATION MANAGEMENT

6.2 Configure 'Turn off URL Suggestions'

CONFIGURATION MANAGEMENT

6.3 Configure 'Prevent participation in the Customer Experience Improvement Program'

CONFIGURATION MANAGEMENT

6.4 Configure 'Turn on Suggested Sites'

CONFIGURATION MANAGEMENT

7.1 Set 'Restrict ActiveX Install' to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Set 'Scripted Window Security Restrictions' to 'Enabled'

CONFIGURATION MANAGEMENT

7.3 Set 'Mime Sniffing Safety Feature' to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Set 'Notification bar' to 'Enabled'

CONFIGURATION MANAGEMENT

7.5 Set 'MK Protocol Security Restriction' to 'Enabled'

CONFIGURATION MANAGEMENT

7.6 Set 'Consistent Mime Handling' to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Set 'Restrict File Download' to 'Enabled'

CONFIGURATION MANAGEMENT

7.8 Set 'Protection From Zone Elevation' to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

8.1.1 Set 'Java permissions' to 'Enabled:Disable Java'

CONFIGURATION MANAGEMENT

8.1.2 Set 'Allow paste operations via script' to 'Enabled:Disable'

CONFIGURATION MANAGEMENT

8.1.3 Set 'Protected Mode' to 'Enabled:Enable'

SYSTEM AND COMMUNICATIONS PROTECTION

8.1.4 Set 'Turn on Cross-Site Scripting (XSS) Filter' to 'Enabled:Enable'

CONFIGURATION MANAGEMENT

8.1.5 Set 'Run .NET Framework-reliant components signed with Authenticode' to 'Enabled:Disable'

SYSTEM AND COMMUNICATIONS PROTECTION

8.1.6 Set 'Use Pop-up Blocker' to 'Enabled:Enable'

CONFIGURATION MANAGEMENT

8.1.7 Set 'Scriptlets' to 'Enabled:Disable'

CONFIGURATION MANAGEMENT

8.1.8 Set 'Only allow approved domains to use ActiveX controls without prompt' to 'Enabled:Enable'

SYSTEM AND COMMUNICATIONS PROTECTION

8.1.9 Set 'Allow drag and drop or copy and paste files' to 'Enabled:Disable'

CONFIGURATION MANAGEMENT