Title

Internet Explorer is configured to Allow Users to Add/Delete Sites. (Cat II impact)

Discussion

This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system.

Check Content

If the following registry value doesn’t exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ Value Name: Security_Zones_Map_Edit Type: REG_DWORD Value: 1

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Security Zones: Do Not Allow Users to Add/Delete Sites” to “Enabled”.

Additional Identifiers

Rule ID: SV-3429r1_rule

Vulnerability ID: V-3429

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.