Check: EDGE-00-000001
Microsoft Edge STIG:
EDGE-00-000001
(in versions v1 r8 through v1 r6)
Title
User control of proxy settings must be disabled. (Cat III impact)
Discussion
This action configures the proxy settings for Microsoft Edge. If this policy is enabled, Microsoft Edge ignores all proxy-related options specified from the command line. If this policy is not configured, users can choose their own proxy settings.

This policy overrides the following individual policies:
- ProxyMode
- ProxyPacUrl
- ProxyServer
- ProxyBypassList

Setting the ProxySettings policy accepts the following fields:
- ProxyMode, which allows for the proxy server used by Microsoft Edge to be specified and prevents users from changing proxy settings.
- ProxyPacUrl, a URL to a proxy .pac file.
- ProxyServer, a URL for the proxy server.
- ProxyBypassList, a list of proxy hosts that Microsoft Edge bypasses.

For ProxyMode, the following values have the noted impact:
- direct, a proxy is never used and all other fields are ignored.
- system, the system's proxy is used and all other fields are ignored.
- auto_detect, all other fields are ignored.
- fixed_servers, the ProxyServer and ProxyBypassList fields are used.
- pac_script, the ProxyPacUrl and ProxyBypassList fields are used.
Check Content
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Proxy server/Proxy Settings" must be set to one of the following options: "ProxyMode", "ProxyPacUrl", "ProxyServer", or "ProxyBypassList".

If "ProxyMode" is used, one of the following must be set: "direct", "system", "auto_detect", "fixed_servers", or "pac_script".

Use the Windows Registry Editor to navigate to the following key:

HKLM\SOFTWARE\Policies\Microsoft\Edge

If the REG_SZ value for "ProxySettings" is not set to one of the above selections, this is a finding.
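One way to script this check, as an added example that is not part of the STIG or of Microsoft's tooling. It assumes the REG_SZ value holds JSON in the shape of the example policy text; `Test-EdgeProxySettings` is a hypothetical helper name, and the notes about an empty ProxyServer or ProxyPacUrl are advisory, drawn from the Discussion rather than from the finding condition.

```powershell
# Field names and ProxyMode values are the ones listed in the check text.
$AllowedFields = 'ProxyMode', 'ProxyPacUrl', 'ProxyServer', 'ProxyBypassList'
$AllowedModes  = 'direct', 'system', 'auto_detect', 'fixed_servers', 'pac_script'

function Test-EdgeProxySettings {      # hypothetical helper name
    param([string]$RawValue)           # raw REG_SZ contents of ProxySettings

    if ([string]::IsNullOrWhiteSpace($RawValue)) {
        return [pscustomobject]@{ Finding = $true; Reason = 'ProxySettings is not set'; Notes = @() }
    }
    # Assumption: the value is JSON, as in the example policy text.
    try   { $policy = ConvertFrom-Json -InputObject $RawValue -ErrorAction Stop }
    catch { return [pscustomobject]@{ Finding = $true; Reason = 'ProxySettings is not valid JSON'; Notes = @() } }

    # At least one of the four proxy fields must be present (case-sensitive match).
    $names = @($policy.PSObject.Properties.Name)
    if (-not ($names | Where-Object { $_ -cin $AllowedFields })) {
        return [pscustomobject]@{ Finding = $true; Reason = 'None of the four proxy fields is present'; Notes = @() }
    }
    # If ProxyMode is used, it must carry one of the five accepted values.
    if ('ProxyMode' -cin $names -and $policy.ProxyMode -cnotin $AllowedModes) {
        $reason = "ProxyMode '$($policy.ProxyMode)' is not an accepted value"
        return [pscustomobject]@{ Finding = $true; Reason = $reason; Notes = @() }
    }
    # Advisory only: the Discussion says which fields each mode uses.
    $notes = @()
    if ($policy.ProxyMode -ceq 'fixed_servers' -and -not $policy.ProxyServer) {
        $notes += 'fixed_servers is set but ProxyServer is empty'
    }
    if ($policy.ProxyMode -ceq 'pac_script' -and -not $policy.ProxyPacUrl) {
        $notes += 'pac_script is set but ProxyPacUrl is empty'
    }
    [pscustomobject]@{ Finding = $false; Reason = 'ProxySettings is configured'; Notes = $notes }
}

# Constructed sample values: compliant, bad mode, mode without its field, unset.
$samples = '{"ProxyMode":"pac_script","ProxyPacUrl":"https://internal.site/example.pac"}',
           '{"ProxyMode":"manual"}', '{"ProxyMode":"fixed_servers"}', ''
$samples | ForEach-Object { Test-EdgeProxySettings -RawValue $_ }

# On a managed Windows host, evaluate the live value from the key named in the check.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
if (Test-Path $key) {
    $live = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ProxySettings
    Test-EdgeProxySettings -RawValue $live
}
```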
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Proxy server/Proxy Settings" to "ProxyMode", "ProxyPacUrl", "ProxyServer", or "ProxyBypassList".

If "ProxyMode" is selected, one of the following must also be set: "direct", "system", "auto_detect", "fixed_servers", or "pac_script".

Example policy text:

```
SOFTWARE\Policies\Microsoft\Edge\ProxySettings = {
  "ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/",
  "ProxyMode": "pac_script",
  "ProxyPacMandatory": false,
  "ProxyPacUrl": "https://internal.site/example.pac",
  "ProxyServer": "123.123.123.123:8080"
}
```
Additional Identifiers
Rule ID: SV-235719r917469_rule
Vulnerability ID: V-235719
Group Title: SRG-APP-000039
CCIs
Number | Definition |
---|---|
CCI-001414 | The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. |
Controls
Number | Title |
---|---|
AC-4 | Information Flow Enforcement |