DISA STIG IE 11 v2r5

Audit Details

Name: DISA STIG IE 11 v2r5

Updated: 10/8/2024

Authority: DISA STIG

Plugin: Windows

Revision: 1.1

Estimated Item Count: 138

File Details

Filename: DISA_STIG_Microsoft_Internet_Explorer_11_v2r5.audit

Size: 272 kB

MD5: 3b86f0394bf41c0d019e6868f1320bcc

SHA256: a0dd148cfebacf3d265d915a72d3bd0393befab4ae3a551fd676c8045b0878d1

Audit Items

Description	Categories
DISA_STIG_Microsoft_Internet_Explorer_11_v2r5.audit from DISA Microsoft Internet Explorer 11 v2r5 STIG
DTBI014-IE11 - Turn off Encryption Support must be enabled.	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI015-IE11 - The Internet Explorer warning about certificate address mismatch must be enforced.	CONFIGURATION MANAGEMENT
DTBI018-IE11 - Check for publishers certificate revocation must be enforced.	IDENTIFICATION AND AUTHENTICATION
DTBI022-IE11 - The Download signed ActiveX controls property must be disallowed (Internet zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI023-IE11 - The Download unsigned ActiveX controls property must be disallowed (Internet zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI024-IE11 - The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI031-IE11 - The Java permissions must be disallowed (Internet zone).	CONFIGURATION MANAGEMENT
DTBI032-IE11 - Accessing data sources across domains must be disallowed (Internet zone).	ACCESS CONTROL
DTBI036-IE11 - Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).	CONFIGURATION MANAGEMENT
DTBI038-IE11 - Launching programs and files in IFRAME must be disallowed (Internet zone).	CONFIGURATION MANAGEMENT
DTBI039-IE11 - Navigating windows and frames across different domains must be disallowed (Internet zone).	ACCESS CONTROL
DTBI042-IE11 - Userdata persistence must be disallowed (Internet zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI044-IE11 - Clipboard operations via script must be disallowed (Internet zone).	CONFIGURATION MANAGEMENT
DTBI046-IE11 - Logon options must be configured to prompt (Internet zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI061-IE11 - Java permissions must be configured with High Safety (Intranet zone).	CONFIGURATION MANAGEMENT
DTBI062-IE11 - Anti-Malware programs against ActiveX controls must be run for the Intranet zone.	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI091-IE11 - Java permissions must be configured with High Safety (Trusted Sites zone).	CONFIGURATION MANAGEMENT
DTBI092-IE11 - Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI112-IE11 - The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI113-IE11 - The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI114-IE11 - The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI115-IE11 - ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).	CONFIGURATION MANAGEMENT
DTBI116-IE11 - ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI119-IE11 - File downloads must be disallowed (Restricted Sites zone).	CONFIGURATION MANAGEMENT
DTBI121-IE11 - Java permissions must be disallowed (Restricted Sites zone).	CONFIGURATION MANAGEMENT
DTBI122-IE11 - Accessing data sources across domains must be disallowed (Restricted Sites zone).	ACCESS CONTROL
DTBI123-IE11 - The Allow META REFRESH property must be disallowed (Restricted Sites zone).	CONFIGURATION MANAGEMENT
DTBI126-IE11 - Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).	CONFIGURATION MANAGEMENT
DTBI128-IE11 - Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).	CONFIGURATION MANAGEMENT
DTBI129-IE11 - Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).	ACCESS CONTROL
DTBI132-IE11 - Userdata persistence must be disallowed (Restricted Sites zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI133-IE11 - Active scripting must be disallowed (Restricted Sites Zone).	CONFIGURATION MANAGEMENT
DTBI134-IE11 - Clipboard operations via script must be disallowed (Restricted Sites zone).	CONFIGURATION MANAGEMENT
DTBI136-IE11 - Logon options must be configured and enforced (Restricted Sites zone).	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI300-IE11 - Configuring History setting must be set to 40 days.	AUDIT AND ACCOUNTABILITY
DTBI318-IE11 - Internet Explorer must be set to disallow users to add/delete sites.	CONFIGURATION MANAGEMENT
DTBI319-IE11 - Internet Explorer must be configured to disallow users to change policies.	CONFIGURATION MANAGEMENT
DTBI320-IE11 - Internet Explorer must be configured to use machine settings.	CONFIGURATION MANAGEMENT
DTBI325-IE11 - Security checking features must be enforced.	CONFIGURATION MANAGEMENT
DTBI350-IE11 - Software must be disallowed to run or install with invalid signatures.	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI356-IE11 - The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.	SYSTEM AND COMMUNICATIONS PROTECTION
DTBI365-IE11 - Checking for server certificate revocation must be enforced.	IDENTIFICATION AND AUTHENTICATION
DTBI370-IE11 - Checking for signatures on downloaded programs must be enforced.	CONFIGURATION MANAGEMENT
DTBI375-IE11 - All network paths (UNCs) for Intranet sites must be disallowed.	CONFIGURATION MANAGEMENT
DTBI385-IE11 - Script-initiated windows without size or position constraints must be disallowed (Internet zone).	CONFIGURATION MANAGEMENT
DTBI390-IE11 - Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).	CONFIGURATION MANAGEMENT
DTBI395-IE11 - Scriptlets must be disallowed (Internet zone).	CONFIGURATION MANAGEMENT
DTBI415-IE11 - Automatic prompting for file downloads must be disallowed (Internet zone).	CONFIGURATION MANAGEMENT
DTBI425-IE11 - Java permissions must be disallowed (Local Machine zone).	CONFIGURATION MANAGEMENT

Detections

Analytics

DISA STIG IE 11 v2r5

Audit Details

File Details

Audit Items