Title

Deleting web sites that the user has visited must be disallowed. (Cat II impact)

Discussion

This policy prevents users from deleting the history of web sites the user has visited. If you enable this policy setting, web sites the user has visited will be preserved when the user clicks Delete. If you disable this policy setting, web sites that the user has visited will be deleted when user clicks Delete. If you do not configure this policy setting, the user will be able to select whether to delete or preserve web sites the user visited when the user clicks Delete.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> “Prevent Deleting Web sites that the User has Visited” must be “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy Criteria: If the value CleanHistory is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Delete Browsing History -> “Prevent Deleting Web sites that the User has Visited” to “Enabled”.

Additional Identifiers

Rule ID: SV-40708r1_rule

Vulnerability ID: V-22149

Group Title: DTBI770 - Web site visit history

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.