1.1.57 Ensure 'Enable site isolation for every site' is set to 'Enabled'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting ensures that each website runs in its own process so that a site will not be able to utilize or take data from another running site.

The recommended state for this setting is: Enabled.

Rationale:

Enabling site isolation can help stop sites from inadvertently sharing data with other running sites. This will help protect data from un-trusted sources.

Impact:

None - this is the default behavior.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Enable site isolation for every site

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.

Default Value:

Enabled.

Note: If this policy is disabled or not configured, a user can opt out of site isolation. (For example, by using 'Disable site isolation' entry in edge://flags.) Disabling the policy or not configuring the policy doesn't turn off Site Isolation.

See Also

https://workbench.cisecurity.org/files/3907