Check: EDGE-00-000055
Microsoft Edge STIG:
EDGE-00-000055
(in versions v1 r8 through v1 r1)
Title
A website's ability to query for payment methods must be disabled. (Cat II impact)
Discussion
This setting determines whether websites can check if the user has payment methods saved. If this policy is disabled, websites that use "PaymentRequest.canMakePayment" or "PaymentRequest.hasEnrolledInstrument" API will be informed that no payment methods are available. If this policy is enabled or is not set, websites can check to determine if the user has payment methods saved.
Check Content
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow websites to query for available payment methods" must be set to "disabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for PaymentMethodQueryEnabled is not set to "REG_DWORD = 0", this is a finding.
Fix Text
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow websites to query for available payment methods" to "disabled".
Additional Identifiers
Rule ID: SV-235767r951014_rule
Vulnerability ID: V-235767
Group Title: SRG-APP-000149
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
| CCI-000389 |
The organization develops an inventory of information system components that accurately reflects the current information system. |