Title

Internet Explorer is configured to allow users to add/delete sites. (Cat II impact)

Discussion

This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Security Zones: Do not allow users to add/delete sites” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value Security_zones_map_edit is REG_DWORD = 1, this is not a finding.

Fix Text

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Security Zones: Do not allow users to add/delete sites” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: Set the value Security_zones_map_edit to REG_DWORD = 1.

Additional Identifiers

Rule ID:

Vulnerability ID: V-3429

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.