8.3.32 Set 'Navigate windows and frames across different domains' to 'Enabled:Disable'

Information




This policy setting allows you to manage the opening of sub-frames and access of
applications across different domains. The recommended state for this setting is-
Enabled-Disable.

*Rationale*

It is conceivable that a web site hosting malicious could use this feature to conduct an
similar to cross-site scripting.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Navigate windows
and frames across different domainsThen set the Navigate windows and frames across different domains option to
Disable.

Impact-If you enable this policy setting, users can open sub-frames from other domains and access
applications from other domains. If you select Prompt in the drop-down box, users are
queried whether to allow sub-frames or access to applications from other domains. If you
disable this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure this policy setting, users can open sub-frames
from other domains and access applications from other domains.

Default Value-Disabled

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: ACCESS CONTROL

References: 800-53|AC-4

Plugin: Windows

Control ID: 7594ab139825c9eb171f174c69f3f29f338b5d9c308b8354ebf80e0176d8d56b