DISA STIG IE 11 v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG IE 11 v2r1

Updated: 10/11/2022

Authority: Operating Systems and Applications

Plugin: Windows

Revision: 1.2

Estimated Item Count: 138

Audit Items

Description | Categories
DISA_STIG_Microsoft_Internet_Explorer_11_v2r1.audit from DISA Microsoft Internet Explorer 11 v2r1 STIG
DTBI014-IE11 - Turn off Encryption Support must be enabled.

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI015-IE11 - The Internet Explorer warning about certificate address mismatch must be enforced.

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI018-IE11 - Check for publishers certificate revocation must be enforced.

IDENTIFICATION AND AUTHENTICATION

DTBI022-IE11 - The Download signed ActiveX controls property must be disallowed (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI023-IE11 - The Download unsigned ActiveX controls property must be disallowed (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI024-IE11 - The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI031-IE11 - The Java permissions must be disallowed (Internet zone).

ACCESS CONTROL

DTBI032-IE11 - Accessing data sources across domains must be disallowed (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI036-IE11 - Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI038-IE11 - Launching programs and files in IFRAME must be disallowed (Internet zone).

SYSTEM AND INFORMATION INTEGRITY

DTBI039-IE11 - Navigating windows and frames across different domains must be disallowed (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI042-IE11 - Userdata persistence must be disallowed (Internet zone).

ACCESS CONTROL

DTBI044-IE11 - Clipboard operations via script must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI046-IE11 - Logon options must be configured to prompt (Internet zone).

ACCESS CONTROL

DTBI061-IE11 - Java permissions must be configured with High Safety (Intranet zone).

ACCESS CONTROL

DTBI062-IE11 - Anti-Malware programs against ActiveX controls must be run for the Intranet zone.

SYSTEM AND INFORMATION INTEGRITY

DTBI091-IE11 - Java permissions must be configured with High Safety (Trusted Sites zone).

ACCESS CONTROL

DTBI092-IE11 - Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.

SYSTEM AND INFORMATION INTEGRITY

DTBI112-IE11 - The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI113-IE11 - The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI114-IE11 - The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI115-IE11 - ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI116-IE11 - ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI119-IE11 - File downloads must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI121-IE11 - Java permissions must be disallowed (Restricted Sites zone).

ACCESS CONTROL

DTBI122-IE11 - Accessing data sources across domains must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI123-IE11 - The Allow META REFRESH property must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI126-IE11 - Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI128-IE11 - Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).

SYSTEM AND INFORMATION INTEGRITY

DTBI129-IE11 - Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI132-IE11 - Userdata persistence must be disallowed (Restricted Sites zone).

ACCESS CONTROL

DTBI133-IE11 - Active scripting must be disallowed (Restricted Sites Zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI134-IE11 - Clipboard operations via script must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI136-IE11 - Logon options must be configured and enforced (Restricted Sites zone).

ACCESS CONTROL

DTBI300-IE11 - Configuring History setting must be set to 40 days.

CONFIGURATION MANAGEMENT

DTBI318-IE11 - Internet Explorer must be set to disallow users to add/delete sites.

CONFIGURATION MANAGEMENT

DTBI319-IE11 - Internet Explorer must be configured to disallow users to change policies.

CONFIGURATION MANAGEMENT

DTBI320-IE11 - Internet Explorer must be configured to use machine settings.

ACCESS CONTROL

DTBI325-IE11 - Security checking features must be enforced.

CONFIGURATION MANAGEMENT

DTBI350-IE11 - Software must be disallowed to run or install with invalid signatures.

CONFIGURATION MANAGEMENT

DTBI356-IE11 - The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI365-IE11 - Checking for server certificate revocation must be enforced.

IDENTIFICATION AND AUTHENTICATION

DTBI370-IE11 - Checking for signatures on downloaded programs must be enforced.

SYSTEM AND INFORMATION INTEGRITY

DTBI375-IE11 - All network paths (UNCs) for Intranet sites must be disallowed.

CONFIGURATION MANAGEMENT

DTBI385-IE11 - Script-initiated windows without size or position constraints must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI390-IE11 - Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI395-IE11 - Scriptlets must be disallowed (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI415-IE11 - Automatic prompting for file downloads must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI425-IE11 - Java permissions must be disallowed (Local Machine zone).

ACCESS CONTROL