DTBI014-IE11 - Turn off Encryption Support must be enabled.
Information
This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser by allowing you to turn on/off support for TLS and SSL. TLS is a protocol for protecting communications between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other's list of supported protocols and versions and pick the most preferred match.Satisfies: SRG-APP-000514, SRG-APP-000555, SRG-APP-000625, SRG-APP-000630, SRG-APP-000635
Solution
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Advanced Page >> 'Turn off Encryption Support' to 'Enabled'.Select only 'Only use TLS 1.2' from the drop-down box.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IE11_V2R1_STIG.zip
Item Details
Audit Name: DISA STIG IE 11 v2r1
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-13, CAT|II, CCI|CCI-002450, Rule-ID|SV-250540r804978_rule, STIG-ID|DTBI014-IE11, STIG-Legacy|SV-59337, STIG-Legacy|V-46473, Vuln-ID|V-250540
Plugin: Windows
Control ID: a849de1d3f7eabf5f00fdc9c32553b3620eeb2cb226e0d5427d30f3964122374