Check: DTBI115-IE11
Microsoft Internet Explorer 11 STIG:
DTBI115-IE11
(in versions v2 r5 through v1 r11)
Title
ActiveX controls and plug-ins must be disallowed (Restricted Sites zone). (Cat II impact)
Discussion
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. ActiveX controls not marked as safe should not be executed. If you enable this policy setting, controls and plug-ins can run without user intervention. If you disable this policy setting, controls and plug-ins are prevented from running.
Check Content
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run ActiveX controls and plugins' must be 'Enabled', and 'Disable' selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value "1200" is REG_DWORD = 3, this is not a finding.
Fix Text
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Run ActiveX controls and plugins' to 'Enabled', and select 'Disable' from the drop-down box.
Additional Identifiers
Rule ID: SV-223058r879887_rule
Vulnerability ID: V-223058
Group Title: SRG-APP-000516
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-001687 |
The organization ensures the use of mobile code to be deployed in information systems meets organization-defined mobile code requirements. |