8.3.1 Set 'Access data sources across domains' to 'Enabled:Disable'

Information

*Description*

This policy setting allows you to manage whether Internet Explorer can access data from
another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). The recommended state for this setting is: Enabled:Disable.

*Rationale*

The ability to access data zones across domains could cause the user to unknowingly access
content hosted on an unauthorized server.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Access data sources across domains\Access data sources across domains

Then set the Access data sources across domains option to Disable.

Impact:

If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO
to access data from another site in the zone. If you select Prompt in the drop-down box,
users are queried to choose whether to allow a page to be loaded in the zone that uses
MSXML or ADO to access data from another site in the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do not configure this policy setting, users cannot load a page
in the zone that uses MSXML or ADO to access data from another site in the zone.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3)

Plugin: Windows

Control ID: 2214da198a783a0b4a2989be6ee298248640ad77908c5d91c9ae08a2384b6463