1.1.4.1.9 Ensure 'Object Caching Protection' is set to 'Enabled'

Information

This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain. For Office, this applies to URLs accessed within Office applications. By default in Internet Explorer, a reference to an object is no longer accessible when the user browses to a new domain. There is a new security context for all scriptable objects so that access to all cached objects is blocked. Additionally, access is blocked when browsing within the same domain (fully qualified domain name). A reference to an object is no longer accessible after the context has changed due to navigation.

The recommended state for this setting is: Enabled: groove.exe, excel.exe, mspub.exe, powerpnt.exe, pptview.exe, visio.exe, winproj.exe, winword.exe, outlook.exe, spDesign.exe, exprwd.exe, msaccess.exe, onent.exe, mse7.exe.

Rationale:

A malicious website may try to use object references from other domains.

Impact:

If you enable this policy setting, an object reference is no longer accessible when navigating within or across domains for each specified application. If you disable or do not configure this policy setting, an object reference is retained when navigating within or across domains in the Restricted Zone sites.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled and check all applications:

Computer Configuration\Administrative Templates\Microsoft Office 2016 (Machine)\Security Settings\IE Security\Object Caching Protection

Default Value:

Not Configured

See Also

https://workbench.cisecurity.org/benchmarks/12129

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: 0872375c7e91f6b3a46abc59e3cd5ae0f95250f517545d9b78822c0daa282b2f