Check: WN10-CC-000391
Microsoft Windows 10 STIG:
WN10-CC-000391
(in versions v3 r2 through v2 r6)
Title
Internet Explorer must be disabled for Windows 10. (Cat II impact)
Discussion
Internet Explorer 11 (IE11) is no longer supported on Windows 10 semi-annual channel.
Check Content
Determine if IE11 is installed or enabled on Windows 10 semi-annual channel. If IE11 is installed or not disabled on Windows 10 semi-annual channel, this is a finding. If IE11 is installed on a unsupported operating system and is enabled or installed, this is a finding. For more information, visit: https://learn.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge#what-is-the-lifecycle-policy-for-internet-explorer-
Fix Text
For Windows 10 semi-annual channel, remove or disable the IE11 application. To disable IE11 as a standalone browser: Set the policy value for "Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Disable Internet Explorer 11 as a standalone browser" to "Enabled" with the option value set to "Never".
Additional Identifiers
Rule ID: SV-256894r958552_rule
Vulnerability ID: V-256894
Group Title: SRG-OS-000185-GPOS-00079
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |