Microsoft IE Version 6

U_Microsoft_IE6_V4R10_STIG_Manual-xccdf.xml

Details

Version / Release: V4R10

Published: 2014-07-03

Updated At: 2018-09-23 04:53:35

Vuln Rule Version CCI Severity Title Description
SV-3427r1_rule DTBI320 MEDIUM Internet Explorer is not configured to require consistent security zone settings to all users. This setting enforces consistent security zone settings to all users of the computer. Security Zones control browser behavior at various web sites and it is desirable to maintain a consistent policy for all users of a machine.HKSystem AdministratorECSC-1
SV-3428r1_rule DTBI319 MEDIUM Internet Explorer is configured to Allow Users to Change Policies. This setting prevents users from changing the Internet Explorer policies on the machine. Policy changes should be made by Administrators only, so this setting should be Enabled.HKSystem AdministratorECSC-1
SV-3429r1_rule DTBI318 MEDIUM Internet Explorer is configured to Allow Users to Add/Delete Sites. This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system.HKSystem AdministratorECSC-1
SV-3430r1_rule DTBI367 LOW Internet Explorer is not configured to disable making Proxy Settings Per Machine. This setting controls whether or not the Internet Explorer proxy settings are configured on a per-user or per-machine basis.System AdministratorECSC-1
SV-3431r1_rule DTBI316 MEDIUM Internet Explorer is configured to allow Automatic Install of components. This setting controls the ability of Internet Explorer to automatically install components if it goes to a site that requires components that are not currently installed. The System Administrator should install all components on the system. If additional components are necessary, the user should inform the SA and have the SA install the components.HKSystem AdministratorDCSL-1
SV-3432r1_rule DTBI317 MEDIUM Internet Explorer is configured to automatically check for updates. This setting determines whether or not Internet Explorer will periodically check the Microsoft web sites to determine if there are updates to Internet Explorer available. The SA should manually install all updates on a system so that configuration control is maintained.HKSystem AdministratorDCSL-1
SV-3433r1_rule DTBI137 LOW Internet Explorer is configured to notify users when programs are modified through the software distribution channel. Microsoft Internet Explorer now supports a software distribution channel that may be used to update software installed on a machine. If this setting is enabled, users will not be notified when programs are modified through the software distribution channel. This allows administrators to update workstations without user intervention.System AdministratorECSC-1
SV-6277r2_rule DTBG003 HIGH The installed version of IE must be a supported version. Unsupported versions are no longer being evaluated or updated for security related issues.System AdministratorECSC-1
SV-6278r3_rule DTBI001 MEDIUM The IE home page is not set to blank or a trusted site. By setting this parameter appropriately, a malicious web site will not be automatically loaded into a browser which may contain mobile code.System AdministratorDCMC-1
SV-6279r1_rule DTBI002 MEDIUM IE Local zone security parameter is set incorrectly. The Local zone must be set to custom level so the other required settings for the zone can take effect.System AdministratorDCMC-1
SV-6280r1_rule DTBI003 MEDIUM The IE Trusted sites zone security parameter is set incorrectly. The Trusted sites zone must be set to custom level so the other required settings for the zone can take effect.System AdministratorDCMC-1
SV-6281r1_rule DTBI004 MEDIUM The IE Internet zone security parameter is set incorrectly. The Internet zone must be set to custom level so the other required settings for the zone can take effect.System Administrator
SV-6282r1_rule DTBI005 MEDIUM The IE Restricted sites zone security parameter is set incorrectly. The Restricted sites zone must be set to custom level so the other required settings for the zone can take effect.System AdministratorDCMC-1
SV-6283r1_rule DTBI006 MEDIUM The IE Local zone includes parameter is not set correctly. This parameter controls which sites are by default in the local zone. Since this is the least restrictive zone these settings ensure that sites are not included in this zone by default.System AdministratorECSC-1
SV-6284r1_rule DTBI007 MEDIUM The IE third party cookies parameter is not set correctly. This parameter ensures that third party cookies are blocked. Third party cookies come from a site other than the site being browsed. Since these cookies cross sites, the storing of unwanted data, or allowing data to be retrieved later via the cookie, is of greater concern for malicious activity.System AdministratorECSC-1
SV-6286r1_rule DTBI012 MEDIUM The IE signature checking parameter is not set correctly. This parameter will ensure digital signatures are checked on downloaded programs.System AdministratorDCMC-1
SV-6287r1_rule DTBI013 MEDIUM The IE save encrypted pages to disk parameter is not set correctly. This parameter ensures pages using SSL or TLS are not cached to the local drive. This ensures sensitive data from a web site does not remain on the machine that is not properly protected. This will cause the browser's back button to not work for pages that use SSL or TLS.System AdministratorECSC-1
SV-6288r3_rule DTBI014 MEDIUM The Internet Explorer SSL/TLS parameter must be set correctly. This parameter ensures SSL and TLS are able to be used from the browser.System AdministratorECSC-1
SV-6289r2_rule DTBI015 MEDIUM The IE warning of invalid certificates parameter is not set correctly. This parameter warns users if the certificate being presented by the web site is invalid. Since server certificates are used to validate the identity of the web server it is critical to warn the user of a potential issue with the certificate being presented by the web server.System AdministratorECSC-1
SV-6290r1_rule DTBI016 MEDIUM The IE changing zones parameter is not set correctly. This parameter warns the user when changing between zones. This conveys important information to the user so the user is reminded that the zone has changed and of the possibility that the type of data to be entered in the site has changed. The user's expected actions have also changed based upon what happens when a mobile code technology is encountered.System AdministratorDCMC-1
SV-6291r1_rule DTBI017 MEDIUM The IE form redirect parameter is not set correctly. This parameter warns the user that input from the form is being redirected to another web site. Since the form may contain sensitive data the user must be warned that the data is not being directed to the site the user was using. This enables the user to make a decision if the data on the form is appropriate for inclusion into the new web site.System AdministratorECSC-1
SV-6292r1_rule DTBI021 MEDIUM Users can change the advanced settings in IE. Since most of the IE settings can be changed through the GUI, it is important to ensure that users cannot change these settings. Some settings will restrict users from visiting certain sites or will restrict the functionality of sites. It is important that access to changing the settings is removed.System AdministratorDCMC-1
SV-6293r1_rule DTBI022 MEDIUM The Download signed ActiveX controls property is not set properly for the Internet Zone. Active X controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites.System AdministratorDCMC-1
SV-6294r1_rule DTBI023 MEDIUM The Download unsigned ActiveX controls property is not set properly for the Internet Zone. Active X controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed. System AdministratorDCMC-1
SV-6295r1_rule DTBI024 MEDIUM The Initialize and script ActiveX controls not marked as safe property is not set properly for the Internet Zone. ActiveX controls that are not marked safe scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.System AdministratorDCMC-1
SV-6296r1_rule DTBI026 MEDIUM The Script ActiveX controls marked safe for scripting property is not set properly for the Internet Zone. ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.System AdministratorDCMC-1
SV-6300r1_rule DTBI030 MEDIUM The Font download control is not set properly for the Internet Zone. Download of fonts can sometimes contain malicious code. System AdministratorDCMC-1
SV-6301r1_rule DTBI031 MEDIUM The Java Permissions is not set properly for the Internet Zone. Java must have level of protections based upon the site being browsed.System AdministratorDCMC-1
SV-6302r1_rule DTBI032 MEDIUM The Access data sources across domains is not set properly for the Internet Zone. Access to data sources across multiple domains must be controlled based upon the site being browsed.System AdministratorDCMC-1
SV-6303r1_rule DTBI034 MEDIUM The Display mixed content is not set properly for the Internet Zone. Display mixed content must have level of protection based upon the site being browsed.System AdministratorDCMC-1
SV-6304r1_rule DTBI035 MEDIUM The Don't prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Internet Zone. Client certificates should not be presented to web sites without the user's acknowledgement.System AdministratorECSC-1
SV-6305r1_rule DTBI036 MEDIUM The Allow Drag and drop or copy and paste files is not set properly for the Internet Zone. Drag and Drop or copy and paste files must have level of protection based upon the site being accessed.System AdministratorECSC-1
SV-6306r1_rule DTBI037 MEDIUM The Installation of desktop items is not set properly for the Internet Zone. Installation of items must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6307r1_rule DTBI038 MEDIUM The Launching programs and files in IFRAME is not set properly for the Internet Zone. Launching of programs in IFRAME must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6311r1_rule DTBI039 MEDIUM The Navigate sub-frames across different domains is not set properly for the Internet Zone. Frames that navigate across different domains are a security concern because the user may think they are accessing pages on one site while they are actually accessing pages on another site.System AdministratorECSC-1
SV-6313r1_rule DTBI040 MEDIUM The Software channel permissions is not set properly for the Internet Zone. Software Channel permissions must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6315r1_rule DTBI041 MEDIUM The Submit non-encrypted form data is not set properly for the Internet Zone. The user needs to be prompted before sending information from a browser that is not encrypted.System AdministratorECSC-1
SV-6316r1_rule DTBI042 MEDIUM The Userdata persistence is not set properly for the Internet Zone. Userdata persistence must have level of protection based upon the site being accessed.System AdministratorECSC-1
SV-6318r1_rule DTBI044 MEDIUM The Allow paste operations via script is not set properly for the Internet Zone. Allow paste operations via script must have level of protection based upon the site being accessed.System AdministratorECSC-1
SV-6319r1_rule DTBI045 MEDIUM The Scripting of Java applets is not set properly for the Internet Zone. Java Applets must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6321r1_rule DTBI046 MEDIUM The user Authentication - Logon is not set properly for the Internet Zone. Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites.System AdministratorECSC-1
SV-6322r1_rule DTBI052 MEDIUM The Download signed ActiveX controls property is not set properly for the Local Zone. Active X controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites.System AdministratorDCMC-1
SV-6324r1_rule DTBI053 MEDIUM The Download unsigned ActiveX controls property is not set properly for the Local Zone. ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed.System AdministratorDCMC-1
SV-6325r1_rule DTBI054 MEDIUM The Initialize and script ActiveX controls not marked as safe property is not set properly for the Local Zone. ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed. System AdministratorDCMC-1
SV-6326r1_rule DTBI056 MEDIUM The Script ActiveX controls marked safe for scripting property is not set properly for the Local Zone. ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed. System AdministratorDCMC-1
SV-6327r1_rule DTBI061 MEDIUM The Java Permissions is not set properly for the Local Zone. Java must have level of protection based upon the site being browsed. System AdministratorDCMC-1
SV-6328r1_rule DTBI062 MEDIUM The Access data sources across domains is not set properly for the Local Zone. The user must know when data access crosses sources to ensure the data is being received from a source that is known.ECSC-1
SV-6331r1_rule DTBI065 MEDIUM The Don't prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Local Zone. Client certificates should not be presented to web sites without the user's acknowledgement.System AdministratorECSC-1
SV-6333r1_rule DTBI067 MEDIUM The Installation of desktop items is not set properly for the Local Zone. Installation of items must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6334r1_rule DTBI068 MEDIUM The Launching programs and files in IFRAME is not set properly for the Local Zone. Launching of programs in IFRAME must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6336r1_rule DTBI070 MEDIUM The Software channel permissions is not set properly for the Local Zone. Software channel permissions must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6337r1_rule DTBI074 MEDIUM The Allow paste operations via script is not set properly for the Local Zone. The Allow paste operations via script must have level of protection based upon the site being accessed.System AdministratorECSC-1
SV-6338r1_rule DTBI076 MEDIUM The User Authentication - Logon is not set properly for the Local Zone. Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites.System AdministratorECSC-1
SV-6339r1_rule DTBI082 MEDIUM The Download signed ActiveX controls property is not set properly for the Trusted Sites Zone. ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed.System AdministratorDCMC-1
SV-6340r1_rule DTBI083 MEDIUM The Download unsigned ActiveX controls property is not set properly for the Trusted Sites Zone. ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed.System AdministratorDCMC-1
SV-6341r1_rule DTBI084 MEDIUM The Initialize and script ActiveX controls not marked as safe property is not set properly for the Trusted Sites Zone. ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.System AdministratorDCMC-1
SV-6342r1_rule DTBI086 MEDIUM The ActiveX controls marked safe for scripting property is not set properly for the Trusted Sites Zone. ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.System AdministratorDCMC-1
SV-6348r1_rule DTBI091 MEDIUM The Java Permissions is not set properly for the Trusted Sites Zone. Java must have level of protection based upon the site being browsed.System AdministratorDCMC-1
SV-6349r1_rule DTBI092 MEDIUM The Access data sources across domains is not set properly for the Trusted Sites Zone. Access data sources across domains must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6350r1_rule DTBI095 MEDIUM The Don't prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Trusted Sites Zone. Client certificates should not be presented to web sites without the user's acknowledgement.System AdministratorECSC-1
SV-6351r1_rule DTBI097 MEDIUM The Installation of desktop items is not set properly for the Trusted Sites Zone. Installation of items must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6352r1_rule DTBI098 MEDIUM The Launching programs and files in IFRAME is not set properly for the Trusted Sites Zone. Launching of programs in IFRAME must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6353r1_rule DTBI100 MEDIUM The Software channel permissions is not set properly for the Trusted Sites Zone. The Software channel permissions must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6355r1_rule DTBI104 MEDIUM The Allow paste operations via script is not set properly for the Trusted Sites Zone. Allow paste operations via script must have level of protection based upon the site being accessed.System AdministratorECSC-1
SV-6356r1_rule DTBI106 MEDIUM The User Authentication - Logon is not set properly for the Trusted Sites Zone. Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites. System AdministratorECSC-1
SV-6357r1_rule DTBI112 MEDIUM The Download signed ActiveX controls property is not set properly for the Restricted Sites Zone. ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites.System AdministratorDCMC-1
SV-6358r1_rule DTBI113 MEDIUM The Download unsigned ActiveX controls property is not set properly for the Restricted Sites Zone. ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites and they must be digitally signed.System AdministratorDCMC-1
SV-6359r1_rule DTBI114 MEDIUM The Initialize and script ActiveX controls not marked as safe property is not set properly for the Restricted Sites Zone. ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.System AdministratorDCMC-1
SV-6360r1_rule DTBI115 MEDIUM Run ActiveX controls and plug-ins property is not set properly for the Restricted Sites Zone. ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.System AdministratorDCMC-1
SV-6361r1_rule DTBI116 MEDIUM The Script ActiveX controls marked safe for scripting property is not set properly for the Restricted Sites Zone. ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.System AdministratorDCMC-1
SV-6362r1_rule DTBI119 MEDIUM The File download control is not set properly for the Restricted Sites Zone. Files should not be able to be downloaded from sites that are considered restricted.System AdministratorDCMC-1
SV-6363r1_rule DTBI120 MEDIUM The Font download control is not set properly for the Restricted Sites Zone. Download of fonts can sometimes contain malicious code. Files should not be downloaded from restricted sites.System AdministratorDCMC-1
SV-6365r1_rule DTBI122 MEDIUM The Access data sources across domains is not set properly for the Restricted Sites Zone. The restricted zone is used for MS Outlook. This zone must be set properly to ensure Outlook is secured.System AdministratorDCMC-1
SV-6366r1_rule DTBI123 MEDIUM The Allow META REFRESH is not set properly for the Restricted Site Zone. Allow META REFRESH must have level of protection based upon the site being browsed.System AdministratorDCMC-1
SV-6367r1_rule DTBI124 MEDIUM The Display mixed content is not set properly for the Restricted Sites Zone. Mixed content poses a risk when coming from a restricted site. System AdministratorDCMC-1
SV-6369r1_rule DTBI125 MEDIUM The Don’t prompt for client certificate selection when no certificate or only one certificate exists is not set properly for the Restricted Sites Zone. Client certificates should not be presented to web sites without the user's acknowledgement.System AdministratorECSC-1
SV-6370r1_rule DTBI126 MEDIUM The Drag and drop or copy and paste files is not set properly for the Restricted Sites Zone. Drag and Drop of files must have level of protection based upon the site being accessed.System AdministratorECSC-1
SV-6372r1_rule DTBI127 MEDIUM The Installation of desktop items is not set properly for the Restricted Sites Zone. Installation of items must have level of protection based upon the site being accessed. System AdministratorDCMC-1
SV-6373r1_rule DTBI128 MEDIUM The Launching programs and files in IFRAME is not set properly for the Restricted Sites Zone. Launching of programs in IFRAME must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6374r1_rule DTBI129 MEDIUM The Navigate sub-frames across different domains is not set properly for the Restricted Sites Zone. Frames that navigate across different domains are a security concern because the user may think they are accessing pages on one site while they are actually accessing pages on another site. System AdministratorECSC-1
SV-6375r1_rule DTBI130 MEDIUM The Software channel permissions is not set properly for the Restricted Sites Zone. Software channel permissions must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6376r1_rule DTBI131 MEDIUM The Submit non-encrypted form data is not set properly for the Restricted Sites Zone. Submit non-encrypted form data must have level of protection based upon the site being accessed.System AdministratorECSC-1
SV-6377r1_rule DTBI132 MEDIUM The Userdata persistence is not set properly for the Restricted Sites Zone. No persistent data should exist and be used in the Restricted sites zone. System AdministratorECSC-1
SV-6378r1_rule DTBI133 MEDIUM The Active scripting is not set properly for the Restricted Sites Zone. Active Scripting must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6379r1_rule DTBI134 MEDIUM The Allow paste operations via script is not set properly for the Restricted Sites Zone. The Allow paste operations via script must have level of protection based upon the site being browsed.System AdministratorECSC-1
SV-6380r1_rule DTBI135 MEDIUM The Scripting of Java applets is not set properly for the Restricted Sites Zone. The Scripting of Java applets must have level of protection based upon the site being accessed.System AdministratorDCMC-1
SV-6381r1_rule DTBI136 MEDIUM The User Authentication – Logon is not set properly for the Restricted Sites Zone. Care must be taken with user credentials and how automatic logons are performed and how default Windows credentials are passed to web sites. System AdministratorECSC-1
SV-6382r1_rule DTBI150 MEDIUM The Microsoft Java VM is installed. This software is no longer being supported and should be removed.System AdministratorECSC-1
SV-6383r1_rule DTBI151 MEDIUM The Cipher setting for DES 56/56 is not set properly. This cipher setting controls the behavior of the DES 56/56 encryption algorithm.System AdministratorECSC-1
SV-6384r1_rule DTBI152 MEDIUM The Cipher setting for Null is not set properly. This controls the behavior of the Null cipher. System AdministratorECSC-1
SV-6385r1_rule DTBI153 MEDIUM The Cipher setting for Triple DES is not set properly. This enables the Triple DES cipher.System AdministratorECSC-1
SV-6386r1_rule DTBI160 MEDIUM The Hash setting for SHA is not set properly. This ensures that the Hash value for SHA is enabled.System AdministratorECSC-1
SV-6387r1_rule DTBG007 MEDIUM IE is not capable of using 128-bit encryption. IE must be enabled to use 128-bit encryption. This will lead to stronger encryption when supported by the web server for SSL connections.System AdministratorECSC-1
SV-6389r1_rule DTBI140 MEDIUM The Error Reporting tool for IE is installed or enabled. An error reporting tool may send sensitive data to a vendor.System AdministratorECSC-1
SV-7341r1_rule DTBI011 MEDIUM The IE search parameter is not set correctly. This parameter ensures automatic searches are not performed from the address bar. When a web site is not found and searching is performed, potentially malicious or unsuited sites may be displayed.System AdministratorECSC-1
SV-7354r1_rule DTBI121 MEDIUM The Java Permissions is not set properly for the Restricted Sites Zone. Java must have level of protection based upon the site being browsed.System AdministratorDCMC-1
SV-17879r1_rule DTBI025 MEDIUM The Download signed ActiveX controls property is not set properly for the Lockdown Zone. This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.System AdministratorInformation Assurance OfficerDCMC-1
SV-43160r2_rule DTBI018 MEDIUM Check for publishers certificate revocation is enforced. Check for publisher's certificate revocation options should be enforced to ensure all PKI signed objects are validated.System AdministratorECSC-1