Check: WN11-CC-000391
Microsoft Windows 11 STIG:
WN11-CC-000391
(in versions v2 r2 through v1 r3)
Title
Internet Explorer must be disabled for Windows 11. (Cat II impact)
Discussion
Internet Explorer 11 (IE11) is not supported on Windows 11 semi-annual channel.
Check Content
Determine if IE11 is installed or enabled on Windows 11 semi-annual channel. If IE11 is installed or not disabled on Windows 11 semi-annual channel, this is a finding. If IE11 is installed on an unsupported operating system and is enabled or installed, this is a finding. For more information, visit: https://learn.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge#what-is-the-lifecycle-policy-for-internet-explorer-
Fix Text
For Windows 11 semi-annual channel, remove or disable the IE11 application. To disable IE11 as a standalone browser: Set the policy value for "Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Disable Internet Explorer 11 as a standalone browser" to "Enabled" with the option value set to "Never".
Additional Identifiers
Rule ID: SV-256893r958552_rule
Vulnerability ID: V-256893
Group Title: SRG-OS-000185-GPOS-00079
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |