National Vulnerability Database (NVD) National Checklist Program Checklist Detail for Internet Explorer 9 STIG Version 1, Release 4

Checklist Details for Internet Explorer 9 STIG Version 1, Release 4

(Archived Revisions)

Checklist Highlights

Checklist Name:: Internet Explorer 9 STIG
Checklist ID:: 418
Version:: Version 1, Release 4
Tier:: III
Review Status:: Final
Authority:: Governmental Authority: Defense Information Systems Agency
Publication Date:: 07/27/2012
Checklist Group:: View

SCAP 1.0 Content:: Internet Explorer 9 STIG Benchmark Version 1, Release 4
Defense Information Systems Agency
SCAP Expression Information:: SCAP
Expressed XCCDF
Expressed OVAL
Expressed CCE
Expressed CVE
Expressed CVSS
Expressed CPE
Expressed

X X X X
Supporting Resources:: Download Standalone XCCDF - Internet Explorer 9 STIG Version 1, Release 5
Defense Information Systems Agency
Target Product:: Target Product CPE Name Product Category

Microsoft Internet Explorer 9 cpe:/a:microsoft:ie:9 (View CVEs)
Web Browser
Checklist Summary:: The Internet Explorer (IE) 9 Overview, along with the IE 9 and Windows Desktop Application Security Technical Implementation Guides (STIGs), provides the technical security policies, requirements, and implementation details for applying security concepts to Microsoft IE 9 web browser.
Checklist Role:: Web Browser
Known Issues:: Not provided.
Target Audience:: The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval. Although there are a few different operating system platforms for desktop environments, this document addresses IE 9 running on Microsoft Windows 7 platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time. Although not directly outlined, the intent of these security requirements detailed in this document also apply to IE 9 web browser applications installed on Microsoft Windows Server platforms, as well as Microsoft Windows Workstation platforms. On server platforms, the security configuration parameters will be set to at least as restrictive values as those listed in this document.
Target Operational Environment:: Managed
Testing Information:: Not provided.
Regulatory Compliance:: DoDD 8500.1
Comments/Warnings/Miscellaneous:: Not provided.
Disclaimer:: It must be noted that the guidelines specified should be evaluated in a local, representative test environment before implementation within large user populations. The extensive variety of environments makes it impossible to test these guidelines for all potential software configurations. For some environments, failure to test before implementation may lead to a loss of required functionality.
Product Support:: Not provided.
Point of Contact:: Comments or proposed revisions to this document should be sent via email to the following address: fso_spt@disa.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.
Sponsor:: Not provided.
Licensing:: Not provided.
Change History:: Version 1, Release 5 - 26 April 2013 Version 1, Release 4 - 26 April 2013 Version 1, Release 3 - 13 August 2012 Version 1, Release 2 - 27 July 2012 Version 1, Release 1 - 21 May 2012
Dependency/Requirements:
References:: http://iase.disa.mil/stigs/app_security/browser_guidance/u_microsoft_ie9_stig_v1_release_memo.pdf
Internet Explorer 9 Release Memo