DISA STIG IE 11 v2r1

Audit Details

Name: DISA STIG IE 11 v2r1

Updated: 4/25/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.1

Estimated Item Count: 138

File Details

Filename: DISA_STIG_Microsoft_Internet_Explorer_11_v2r1.audit

Size: 268 kB

MD5: 911882c2c8ff6feb78d2987864e3b998
SHA256: 0a0001b28c5e4fa944ca1345ed2307cfc71411ff328abb37fcf5577747a608d1

Audit Items

Description

Categories
DISA_STIG_Microsoft_Internet_Explorer_11_v2r1.audit from DISA Microsoft Internet Explorer 11 v2r1 STIG
DTBI014-IE11 - Turn off Encryption Support must be enabled.

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI015-IE11 - The Internet Explorer warning about certificate address mismatch must be enforced.

CONFIGURATION MANAGEMENT

DTBI018-IE11 - Check for publishers certificate revocation must be enforced.

IDENTIFICATION AND AUTHENTICATION

DTBI022-IE11 - The Download signed ActiveX controls property must be disallowed (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI023-IE11 - The Download unsigned ActiveX controls property must be disallowed (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI024-IE11 - The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI031-IE11 - The Java permissions must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI032-IE11 - Accessing data sources across domains must be disallowed (Internet zone).

ACCESS CONTROL

DTBI036-IE11 - Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI038-IE11 - Launching programs and files in IFRAME must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI039-IE11 - Navigating windows and frames across different domains must be disallowed (Internet zone).

ACCESS CONTROL

DTBI042-IE11 - Userdata persistence must be disallowed (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI044-IE11 - Clipboard operations via script must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI046-IE11 - Logon options must be configured to prompt (Internet zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI061-IE11 - Java permissions must be configured with High Safety (Intranet zone).

CONFIGURATION MANAGEMENT

DTBI062-IE11 - Anti-Malware programs against ActiveX controls must be run for the Intranet zone.

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI091-IE11 - Java permissions must be configured with High Safety (Trusted Sites zone).

CONFIGURATION MANAGEMENT

DTBI092-IE11 - Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI112-IE11 - The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI113-IE11 - The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI114-IE11 - The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI115-IE11 - ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI116-IE11 - ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI119-IE11 - File downloads must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI121-IE11 - Java permissions must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI122-IE11 - Accessing data sources across domains must be disallowed (Restricted Sites zone).

ACCESS CONTROL

DTBI123-IE11 - The Allow META REFRESH property must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI126-IE11 - Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI128-IE11 - Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI129-IE11 - Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).

ACCESS CONTROL

DTBI132-IE11 - Userdata persistence must be disallowed (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI133-IE11 - Active scripting must be disallowed (Restricted Sites Zone).

CONFIGURATION MANAGEMENT

DTBI134-IE11 - Clipboard operations via script must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI136-IE11 - Logon options must be configured and enforced (Restricted Sites zone).

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI300-IE11 - Configuring History setting must be set to 40 days.

AUDIT AND ACCOUNTABILITY

DTBI318-IE11 - Internet Explorer must be set to disallow users to add/delete sites.

CONFIGURATION MANAGEMENT

DTBI319-IE11 - Internet Explorer must be configured to disallow users to change policies.

CONFIGURATION MANAGEMENT

DTBI320-IE11 - Internet Explorer must be configured to use machine settings.

CONFIGURATION MANAGEMENT

DTBI325-IE11 - Security checking features must be enforced.

CONFIGURATION MANAGEMENT

DTBI350-IE11 - Software must be disallowed to run or install with invalid signatures.

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI356-IE11 - The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.

SYSTEM AND COMMUNICATIONS PROTECTION

DTBI365-IE11 - Checking for server certificate revocation must be enforced.

IDENTIFICATION AND AUTHENTICATION

DTBI370-IE11 - Checking for signatures on downloaded programs must be enforced.

CONFIGURATION MANAGEMENT

DTBI375-IE11 - All network paths (UNCs) for Intranet sites must be disallowed.

CONFIGURATION MANAGEMENT

DTBI385-IE11 - Script-initiated windows without size or position constraints must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI390-IE11 - Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).

CONFIGURATION MANAGEMENT

DTBI395-IE11 - Scriptlets must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI415-IE11 - Automatic prompting for file downloads must be disallowed (Internet zone).

CONFIGURATION MANAGEMENT

DTBI425-IE11 - Java permissions must be disallowed (Local Machine zone).

CONFIGURATION MANAGEMENT