From f5ceaa82ab3bf4b450b705e4ca155e4630cd3646 Mon Sep 17 00:00:00 2001 From: Brian Wilhite Date: Thu, 6 Aug 2020 09:34:16 -0400 Subject: [PATCH] added IE 11 STIG - V1R19 --- CHANGELOG.md | 1 + ... => U_MS_IE11_STIG_V1R19_Manual-xccdf.log} | 0 ... => U_MS_IE11_STIG_V1R19_Manual-xccdf.xml} | 104 ++++++++++-------- ... InternetExplorer-11-1.19.org.default.xml} | 2 +- ...-1.17.xml => InternetExplorer-11-1.19.xml} | 37 +++++-- 5 files changed, 90 insertions(+), 54 deletions(-) rename source/StigData/Archive/InternetExplorer/{U_MS_IE11_STIG_V1R17_Manual-xccdf.log => U_MS_IE11_STIG_V1R19_Manual-xccdf.log} (100%) rename source/StigData/Archive/InternetExplorer/{U_MS_IE11_STIG_V1R17_Manual-xccdf.xml => U_MS_IE11_STIG_V1R19_Manual-xccdf.xml} (82%) rename source/StigData/Processed/{InternetExplorer-11-1.17.org.default.xml => InternetExplorer-11-1.19.org.default.xml} (84%) rename source/StigData/Processed/{InternetExplorer-11-1.17.xml => InternetExplorer-11-1.19.xml} (98%) diff --git a/CHANGELOG.md b/CHANGELOG.md index c37566ae2..b435f06b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## [Unreleased] +* Update PowerSTIG to successfully parse/apply Microsoft Internet Explorer 11 STIG - Ver 1, Rel 19: [#707](https://github.com/microsoft/PowerStig/issues/707) * Update PowerSTIG to successfully parse/apply IIS 10.0 Site/Server V1R2 STIGs: [#699](https://github.com/microsoft/PowerStig/issues/699) * Update PowerSTIG to successfully parse Microsoft Windows 10 STIG - Ver 1, Rel 23: [#678](https://github.com/microsoft/PowerStig/issues/678) * Update PowerSTIG to successfully parse/apply Windows Server 2019 Instance Ver. 1 Rel. 5: [#683](https://github.com/microsoft/PowerStig/issues/683) diff --git a/source/StigData/Archive/InternetExplorer/U_MS_IE11_STIG_V1R17_Manual-xccdf.log b/source/StigData/Archive/InternetExplorer/U_MS_IE11_STIG_V1R19_Manual-xccdf.log similarity index 100% rename from source/StigData/Archive/InternetExplorer/U_MS_IE11_STIG_V1R17_Manual-xccdf.log rename to source/StigData/Archive/InternetExplorer/U_MS_IE11_STIG_V1R19_Manual-xccdf.log diff --git a/source/StigData/Archive/InternetExplorer/U_MS_IE11_STIG_V1R17_Manual-xccdf.xml b/source/StigData/Archive/InternetExplorer/U_MS_IE11_STIG_V1R19_Manual-xccdf.xml similarity index 82% rename from source/StigData/Archive/InternetExplorer/U_MS_IE11_STIG_V1R17_Manual-xccdf.xml rename to source/StigData/Archive/InternetExplorer/U_MS_IE11_STIG_V1R19_Manual-xccdf.xml index 3123af7d2..68480996d 100644 --- a/source/StigData/Archive/InternetExplorer/U_MS_IE11_STIG_V1R17_Manual-xccdf.xml +++ b/source/StigData/Archive/InternetExplorer/U_MS_IE11_STIG_V1R19_Manual-xccdf.xml @@ -1,4 +1,4 @@ -acceptedMicrosoft Internet Explorer 11 Security Technical Implementation GuideThe Microsoft Internet Explorer 11 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.milSettings in this guidance assume a complete installation of Microsoft Internet Explorer 11 on the Windows Platform. Registry paths and values identified in each control assume the use of Group Policy Administrative Templates. Installations not using Group Policies to administer Microsoft Browser products may observe alternate registry paths for stored configuration values.DISASTIG.DOD.MILRelease: 17 Benchmark Date: 26 Apr 20191I - Mission Critical Classified<ProfileDescription></ProfileDescription>I - Mission Critical Public<ProfileDescription></ProfileDescription>I - Mission Critical Sensitive<ProfileDescription></ProfileDescription>II - Mission Support Classified<ProfileDescription></ProfileDescription>II - Mission Support Public<ProfileDescription></ProfileDescription>II - Mission Support Sensitive<ProfileDescription></ProfileDescription>III - Administrative Classified<ProfileDescription></ProfileDescription>III - Administrative Public<ProfileDescription></ProfileDescription>III - Administrative Sensitive<ProfileDescription></ProfileDescription>DTBI014-IE11-TLS setting<GroupDescription></GroupDescription>DTBI014-IE11Turn off Encryption Support must be enabled.<VulnDiscussion>This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser by allowing you to turn on/off support for TLS and SSL. TLS is a protocol for protecting communications between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other's list of supported protocols and versions and pick the most preferred match..</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IE Version 11DISADPMS TargetIE Version 112589CCI-002450Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Advanced Page >> "Turn off Encryption Support" to "Enabled". +acceptedMicrosoft Internet Explorer 11 Security Technical Implementation GuideThe Microsoft Internet Explorer 11 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.milSettings in this guidance assume a complete installation of Microsoft Internet Explorer 11 on the Windows Platform. Registry paths and values identified in each control assume the use of Group Policy Administrative Templates. Installations not using Group Policies to administer Microsoft Browser products may observe alternate registry paths for stored configuration values.DISASTIG.DOD.MILRelease: 19 Benchmark Date: 24 Jul 20201I - Mission Critical Classified<ProfileDescription></ProfileDescription>I - Mission Critical Sensitive<ProfileDescription></ProfileDescription>II - Mission Support Public<ProfileDescription></ProfileDescription>III - Administrative Classified<ProfileDescription></ProfileDescription>III - Administrative Sensitive<ProfileDescription></ProfileDescription>