Check: DTBI014-IE11
Microsoft Internet Explorer 11 STIG:
DTBI014-IE11
(in versions v2 r5 through v2 r1)
Title
Turn off Encryption Support must be enabled. (Cat II impact)
Discussion
This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser by allowing you to turn on/off support for TLS and SSL. TLS is a protocol for protecting communications between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other's list of supported protocols and versions and pick the most preferred match. Satisfies: SRG-APP-000514, SRG-APP-000555, SRG-APP-000625, SRG-APP-000630, SRG-APP-000635
Check Content
The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Advanced Page >> "Turn off Encryption Support" must be "Enabled". Verify the only option selected is "Only use TLS 1.2" from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols. Criteria: If the value for "SecureProtocols" is not REG_DWORD = "2048", this is a finding.
Fix Text
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Advanced Page >> "Turn off Encryption Support" to "Enabled". Select only "Only use TLS 1.2" from the drop-down box.
Additional Identifiers
Rule ID: SV-250540r942484_rule
Vulnerability ID: V-250540
Group Title: SRG-APP-000416
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002450 |
The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. |
CCI-002480 |
The organization defines the information system components for which a diverse set of information technologies are to be employed. |