| 1.1 Set 'Turn on Enhanced Protected Mode' to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Set 'Allow software to run or install even if the signature is invalid' to 'Disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Set 'Prevent Bypassing SmartScreen Filter Warnings' to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Set 'Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet' to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5 Configure 'Do not allow users to enable or disable add-ons' | ACCESS CONTROL |
| 1.6 Set 'Disable Save this program to disk option' to 'Enabled' | ACCESS CONTROL |
| 2.1 Set 'Prevent per-user installation of ActiveX controls' to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Set 'Specify use of ActiveX Installer Service for installation of ActiveX controls' to 'Enabled' | CONFIGURATION MANAGEMENT |
| 2.3 Set 'Turn on ActiveX Filtering' to 'Enabled' | CONFIGURATION MANAGEMENT |
| 2.4 Set 'Turn off ActiveX opt-in prompt' to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.5 Set 'Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled' to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Configure 'Prevent deleting websites that the user has visited' | ACCESS CONTROL |
| 3.2 Configure 'Prevent Deleting Cookies' | ACCESS CONTROL |
| 3.3 Set 'Disable 'Configuring History' to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 3.4 Set 'Days to keep pages in History' to '40' | CONFIGURATION MANAGEMENT |
| 3.5 Configure 'Prevent Deleting Temporary Internet Files' | ACCESS CONTROL |
| 3.6 Configure 'Allow deleting browsing history on exit' | CONFIGURATION MANAGEMENT |
| 3.7 Set 'Prevent access to Delete Browsing History' to 'Enabled' | ACCESS CONTROL |
| 3.8 Configure 'Turn off InPrivate Browsing' | CONFIGURATION MANAGEMENT |
| 4.1 Configure 'URL to be displayed for updates:' | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Set 'Update check interval (in days):' to 'Enabled:30' | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Configure 'Automatically check for Internet Explorer updates' | SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Configure 'Install new versions of Internet Explorer automatically' | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Set 'Turn off Encryption Support' to 'Use TLS 1.1 and TLS 1.2' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Set 'Check for server certificate revocation' to 'Enabled' | IDENTIFICATION AND AUTHENTICATION |
| 5.3 Set 'Check for signatures on downloaded programs' to 'Enabled' | CONFIGURATION MANAGEMENT |
| 5.4 Set 'Turn on certificate address mismatch warning' to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 5.5 Set 'Prevent ignoring certificate errors' to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.6 Set 'Disable changing certificate settings' to 'Enabled' | ACCESS CONTROL |
| 6.1 Set 'Turn off browser geolocation' to 'Enabled' | CONFIGURATION MANAGEMENT |
| 6.2 Configure 'Turn off URL Suggestions' | CONFIGURATION MANAGEMENT |
| 6.3 Configure 'Prevent participation in the Customer Experience Improvement Program' | CONFIGURATION MANAGEMENT |
| 6.4 Configure 'Turn on Suggested Sites' | CONFIGURATION MANAGEMENT |
| 7.1 Set 'Restrict ActiveX Install' to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Set 'Scripted Window Security Restrictions' to 'Enabled' | CONFIGURATION MANAGEMENT |
| 7.3 Set 'Mime Sniffing Safety Feature' to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Set 'Notification bar' to 'Enabled' | CONFIGURATION MANAGEMENT |
| 7.5 Set 'MK Protocol Security Restriction' to 'Enabled' | CONFIGURATION MANAGEMENT |
| 7.6 Set 'Consistent Mime Handling' to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.7 Set 'Restrict File Download' to 'Enabled' | CONFIGURATION MANAGEMENT |
| 7.8 Set 'Protection From Zone Elevation' to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.1 Set 'Java permissions' to 'Enabled:Disable Java' | CONFIGURATION MANAGEMENT |
| 8.1.2 Set 'Allow paste operations via script' to 'Enabled:Disable' | CONFIGURATION MANAGEMENT |
| 8.1.3 Set 'Protected Mode' to 'Enabled:Enable' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.4 Set 'Turn on Cross-Site Scripting (XSS) Filter' to 'Enabled:Enable' | CONFIGURATION MANAGEMENT |
| 8.1.5 Set 'Run .NET Framework-reliant components signed with Authenticode' to 'Enabled:Disable' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.6 Set 'Use Pop-up Blocker' to 'Enabled:Enable' | CONFIGURATION MANAGEMENT |
| 8.1.7 Set 'Scriptlets' to 'Enabled:Disable' | CONFIGURATION MANAGEMENT |
| 8.1.8 Set 'Only allow approved domains to use ActiveX controls without prompt' to 'Enabled:Enable' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.9 Set 'Allow drag and drop or copy and paste files' to 'Enabled:Disable' | CONFIGURATION MANAGEMENT |
