Check: EDGE-00-000056
Microsoft Edge STIG:
EDGE-00-000056
(in versions v1 r8 through v1 r2)
Title
Suggestions of similar web pages in the event of a navigation error must be disabled. (Cat II impact)
Discussion
This setting allows Microsoft Edge to issue a connection to a web service to generate URL and search suggestions for connectivity issues such as DNS errors. If this policy is enabled, a web service is used to generate URL and search suggestions for network errors. If this policy is disabled, no calls to the web service are made and a standard error page is shown. If this policy is not configured, Microsoft Edge respects the user preference that is set under Services at edge://settings/privacy. Specifically, there is a "Suggest similar pages when a webpage can't be found" toggle, which the user can switch on or off. Note that if this policy has been enabled (AlternateErrorPagesEnabled), the "Suggest similar pages when a webpage can't be found setting" is turned on, but the user cannot change the setting by using the toggle. If this policy is disabled, the "Suggest similar pages when a webpage can't be found" setting is turned off, and the user cannot change the setting by using the toggle.
Check Content
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Suggest similar pages when a webpage can't be found" must be set to "Disabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for AlternateErrorPagesEnabled is not set to "REG_DWORD = 0", this is a finding.
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Suggest similar pages when a webpage can't be found" to "Disabled".
Additional Identifiers
Rule ID: SV-235768r879592_rule
Vulnerability ID: V-235768
Group Title: SRG-APP-000151
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000767 |
The information system implements multifactor authentication for local access to privileged accounts. |
Controls
Number | Title |
---|---|
IA-2 (3) |
Local Access To Privileged Accounts |