An error occurred:

Check: DTBI1070-IE11

Microsoft Internet Explorer 11 STIG: DTBI1070-IE11 (in versions v2 r5 through v1 r11)

Title

Prevent per-user installation of ActiveX controls must be enabled. (Cat II impact)

Discussion

This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis. If you disable or do not configure this policy setting, ActiveX controls can be installed on a per-user basis.

Check Content

The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent per-user installation of ActiveX controls” must be ”Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX. Criteria: If the value "BlockNonAdminActiveXInstall" is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> ”Prevent per-user installation of ActiveX controls” to ”Enabled”.

Additional Identifiers

Rule ID: SV-223041r879630_rule

Vulnerability ID: V-223041

Group Title: SRG-APP-000210

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001170

The information system prevents the automatic execution of mobile code in organization-defined software applications.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-18 (4)

Prevent Automatic Execution