Back

Configure the "Deny all add-ons unless specifically allowed in the Add-on List" setting.


CONTROL ID
04354
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The organization should only allow approved web browser add-ons from being installed. (Control: 1235, Australian Government Information Security Manual: Controls)
  • This setting presumes all add-ons are to be denied, unless specifically listed in the Add-on List setting. The Deny All Add-ons Unless Specifically Allowed In The Add-on List setting and the Add-on List setting is Recommended. (Pg 89, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Deny all add-ons unless specifically allowed in the Add-on List" setting should be configured correctly. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Add-on Managemen… (CCE-3997-4, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Deny all add-ons unless specifically allowed in the Add-on List" current user setting should be configured correctly. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Deny all add-ons unless specifically … (CCE-16711-4, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Deny all add-ons unless specifically allowed in the Add-on List" machine setting should be configured correctly. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Deny all add-ons unless specifically a… (CCE-15982-2, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • This setting presumes all add-ons are to be denied, unless specifically listed in the Add-on List setting. The Deny All Add-ons Unless Specifically Allowed In The Add-on List setting and the Add-on List setting is Recommended. (Pg 97, NSA Guide to Security Microsoft Windows XP)