DTBI318-IE11 - Internet Explorer must be set to disallow users to add/delete sites.

Information

This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system. If you do not configure this policy setting, users will be able to add or remove sites from the Trusted Sites and Restricted Sites zones at will and change settings in the Local Intranet zone. This configuration could allow sites that host malicious mobile code to be added to these zones, and users could execute the code.

Solution

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer 'Security Zones: Do not allow users to add/delete sites' to 'Enabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IE11_V2R5_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-223072r879587_rule, STIG-ID|DTBI318-IE11, STIG-Legacy|SV-59479, STIG-Legacy|V-46615, Vuln-ID|V-223072

Plugin: Windows

Control ID: 262a8edd31b471cda21a89afe6ca49d2c93f7f5c6395bbb81826bf04f2aa65e5