Check: EDGE-00-000039

Microsoft Edge STIG: EDGE-00-000039 (in versions v2 r3 through v1 r6)

Title
URLs must be allowlisted for plugin use if used. (Cat III impact)
Discussion
Define a list of sites, based on URL patterns, that can open pop-up windows.
Check Content
This requirement for "Allow pop-up windows on specific sites" is not required; this is optional.

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Allow pop-up windows on specific sites" must be set to "Enabled".

Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge

"PopupsAllowedForUrls" must be set as follows:
HKLM\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\1 = mydomain.com
HKLM\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\2 = myagency.mil

If configured, the list of domains for which Microsoft Edge allows pop-ups may be allowlisted.
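
The registry check above can be scripted. The following is an added example, not part of the STIG text: the function name `Test-EdgePopupAllowlist` and the `$Approved` list are assumptions (the two default entries are the sample values from the check), and patterns are compared as exact strings.

```powershell
# Added example: audit the Edge pop-up allowlist policy described in EDGE-00-000039.
# $Approved is a hypothetical site-approved list; its defaults are the sample
# values shown in the check text.
function Test-EdgePopupAllowlist {
    param(
        [string[]]$Approved = @('mydomain.com', 'myagency.mil'),
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls'
    )

    # The setting is optional: an absent key means the policy is not configured.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]@{ Status = 'NotConfigured'; Entries = @(); Unapproved = @() }
    }

    # List policies are stored as numbered string values (1, 2, ...) under the key.
    $key = Get-Item -LiteralPath $KeyPath
    $entries = @(foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Index = $name; Pattern = [string]$key.GetValue($name) }
    })

    # Flag every configured pattern that is not on the approved list.
    # -notcontains compares strings case-insensitively; no wildcard expansion is done.
    $unapproved = @($entries | Where-Object { $Approved -notcontains $_.Pattern.Trim() })

    [pscustomobject]@{
        Status     = if ($unapproved.Count -eq 0) { 'Allowlisted' } else { 'Review' }
        Entries    = $entries
        Unapproved = $unapproved
    }
}

# Run against the local machine and show anything that needs review.
$result = Test-EdgePopupAllowlist
$result.Status
$result.Unapproved | Format-Table Index, Pattern -AutoSize
```

A `Review` status lists each pattern that allows pop-ups but is not on the approved list, which is the part of the check a manual walk through Registry Editor tends to miss.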
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Allow pop-up windows on specific sites" to "Enabled". A list of allowlisted URLs may be specified here.
Additional Identifiers
Rule ID: SV-235753r1015297_rule
Vulnerability ID: V-235753
Group Title: SRG-APP-000378

CCIs

| Number | Definition |
|---|---|
| CCI-001812 | The information system prohibits user installation of software without explicit privileged status. |
| CCI-003980 | Allow user installation of software only with explicit privileged status. |

Controls

| Number | Title |
|---|---|
| CM-11(2) | Software Installation with Privileged Status |