Check: DTBI318
Microsoft Internet Explorer 9 STIG:
DTBI318
(in version v1 r15)
Title
Internet Explorer must be set to disallow users to add/delete sites. (Cat II impact)
Discussion
This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system. If you do not configure this policy setting, users will be able to add or remove sites from the Trusted Sites and Restricted Sites zones at will and change settings in the Local Intranet zone. This configuration could allow sites that host malicious mobile code to be added to these zones, which users could execute.
Check Content
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Security Zones: Do not allow users to add/delete sites” must be “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Criteria: If the value Security_zones_map_edit is REG_DWORD = 1, this is not a finding.
Fix Text
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Security Zones: Do not allow users to add/delete sites” to “Enabled”.
Additional Identifiers
Rule ID: SV-40553r1_rule
Vulnerability ID: V-3429
Group Title: DTBI318 - Addition and deletion of sites
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |