Back

Configure the "Allow Scriptlets" setting in limited functionality environments properly.


CONTROL ID
02237
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The "Allow Scriptlets" setting should be configured correctly for the Internet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\So… (CCE-3601-2, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Allow Scriptlets" setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:… (CCE-3639-2, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Allow Scriptlets" machine setting should be configured correctly for the Internet Zone. Technical Mechanisms: (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow Scriptlets (2) Registry … (CCE-10685-6, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow Scriptlets" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow Scriptlets R… (CCE-10630-2, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow Scriptlets" current user setting should be configured correctly for the Internet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Pol… (CCE-15505-1, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow Scriptl… (CCE-16642-1, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow Scriptlets" current user setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow Scriptlets HKEY_CURRENT_U… (CCE-16507-6, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow Scriptle… (CCE-16517-5, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow Scriptlets" machine setting should be configured correctly for the Intranet Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Pol… (CCE-15899-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow Scriptlets" current user setting should be configured correctly for the Intranet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Pol… (CCE-16202-4, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow Scriptlets" setting should be configured correctly for the Internet Zone. (oval:gov.nist.fdcc.ie7:def:1043, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Allow Scriptlets - Internet Zone - Local Computer (allow_scriptlets_internet_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage whether scriptlets can be allowed. If you enable this policy setting, users will be able to run scriptlets. If you disable this policy setting, users will not be able to run scriptlets. (xccdf_gov.nist_rule_AllowScriptlets_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:31061, oval:gov.nist.USGCB.ie7:tst:31061, oval:gov.nist.USGCB.ie7:obj:31061, oval:gov.nist.USGCB.ie7:ste:31061, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage whether scriptlets can be allowed. If you enable this policy setting, users will be able to run scriptlets. If you disable this policy setting, users will not be able to run scriptlets. (xccdf_gov.nist_rule_allow_scriptlets_internet_zone_local_computer, oval:gov.nist.USGCB.ie7:def:1043, oval:gov.nist.USGCB.ie7:tst:4133, oval:gov.nist.USGCB.ie7:obj:34, oval:gov.nist.USGCB.ie7:ste:3915, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage whether scriptlets can be allowed. If you enable this policy setting, users will be able to run scriptlets. If you disable this policy setting, users will not be able to run scriptlets. (xccdf_gov.nist_rule_AllowScriptlets_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31023, oval:gov.nist.USGCB.ie8:tst:31023, oval:gov.nist.USGCB.ie8:obj:31023, oval:gov.nist.USGCB.ie8:ste:31023, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage whether scriptlets can be allowed. If you enable this policy setting, users will be able to run scriptlets. If you disable this policy setting, users will not be able to run scriptlets. (xccdf_gov.nist_rule_AllowScriptlets_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31061, oval:gov.nist.USGCB.ie8:tst:31061, oval:gov.nist.USGCB.ie8:obj:31061, oval:gov.nist.USGCB.ie8:ste:31061, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)