DISA STIG IE 11 v2r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG IE 11 v2r2

Updated: 3/8/2023

Authority: Operating Systems and Applications

Plugin: Windows

Revision: 1.2

Estimated Item Count: 139

Audit Items

DescriptionCategories
DISA_STIG_Microsoft_Internet_Explorer_11_v2r2.audit from DISA Microsoft Internet Explorer 11 v2r2 STIG
DTBI014-IE11 - Turn off Encryption Support must be enabled.
DTBI015-IE11 - The Internet Explorer warning about certificate address mismatch must be enforced.
DTBI018-IE11 - Check for publishers certificate revocation must be enforced.
DTBI022-IE11 - The Download signed ActiveX controls property must be disallowed (Internet zone).
DTBI023-IE11 - The Download unsigned ActiveX controls property must be disallowed (Internet zone).
DTBI024-IE11 - The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
DTBI031-IE11 - The Java permissions must be disallowed (Internet zone).
DTBI032-IE11 - Accessing data sources across domains must be disallowed (Internet zone).
DTBI036-IE11 - Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
DTBI038-IE11 - Launching programs and files in IFRAME must be disallowed (Internet zone).
DTBI039-IE11 - Navigating windows and frames across different domains must be disallowed (Internet zone).
DTBI042-IE11 - Userdata persistence must be disallowed (Internet zone).
DTBI044-IE11 - Clipboard operations via script must be disallowed (Internet zone).
DTBI046-IE11 - Logon options must be configured to prompt (Internet zone).
DTBI061-IE11 - Java permissions must be configured with High Safety (Intranet zone).
DTBI062-IE11 - Anti-Malware programs against ActiveX controls must be run for the Intranet zone.
DTBI091-IE11 - Java permissions must be configured with High Safety (Trusted Sites zone).
DTBI092-IE11 - Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.
DTBI112-IE11 - The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).
DTBI113-IE11 - The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).
DTBI114-IE11 - The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).
DTBI115-IE11 - ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
DTBI116-IE11 - ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
DTBI119-IE11 - File downloads must be disallowed (Restricted Sites zone).
DTBI121-IE11 - Java permissions must be disallowed (Restricted Sites zone).
DTBI122-IE11 - Accessing data sources across domains must be disallowed (Restricted Sites zone).
DTBI123-IE11 - The Allow META REFRESH property must be disallowed (Restricted Sites zone).
DTBI126-IE11 - Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
DTBI128-IE11 - Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
DTBI129-IE11 - Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
DTBI132-IE11 - Userdata persistence must be disallowed (Restricted Sites zone).
DTBI133-IE11 - Active scripting must be disallowed (Restricted Sites Zone).
DTBI134-IE11 - Clipboard operations via script must be disallowed (Restricted Sites zone).
DTBI136-IE11 - Logon options must be configured and enforced (Restricted Sites zone).
DTBI300-IE11 - Configuring History setting must be set to 40 days.
DTBI318-IE11 - Internet Explorer must be set to disallow users to add/delete sites.
DTBI319-IE11 - Internet Explorer must be configured to disallow users to change policies.
DTBI320-IE11 - Internet Explorer must be configured to use machine settings.
DTBI325-IE11 - Security checking features must be enforced.
DTBI350-IE11 - Software must be disallowed to run or install with invalid signatures.
DTBI356-IE11 - The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.
DTBI365-IE11 - Checking for server certificate revocation must be enforced.
DTBI370-IE11 - Checking for signatures on downloaded programs must be enforced.
DTBI375-IE11 - All network paths (UNCs) for Intranet sites must be disallowed.
DTBI385-IE11 - Script-initiated windows without size or position constraints must be disallowed (Internet zone).
DTBI390-IE11 - Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
DTBI395-IE11 - Scriptlets must be disallowed (Internet zone).
DTBI415-IE11 - Automatic prompting for file downloads must be disallowed (Internet zone).
DTBI425-IE11 - Java permissions must be disallowed (Local Machine zone).