Configure the "Allow binary and script behaviors" setting in limited functionality environments properly.

Back

CONTROL ID
04417

CONTROL TYPE
Configuration

CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

This setting manages dynamic binary and script behaviors. For Enterprise Client environments, the Allow Binary And Script Behaviors setting is Not Configured. For Specialized Security - Limited Functionality environments, this setting should be set to Enabled:Disable. This setting is applicable to t… (Pg 109, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
Verify that an entity's users do not have write access to shared system binaries. (§ A.1.2.c Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
The "Binary and script behaviors" setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Reg… (CCE-4196-2, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
The "Allow binary and script behaviors" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow … (CCE-10547-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
The "Binary and script behaviors" setting should be configured correctly for the Restricted Sites Zone. (oval:gov.nist.fdcc.ie7:def:365, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
Allow Binary and Script Behaviors - Restricted Sites Zone - Local Computer (AllowBinaryAndScriptBehaviors_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. (xccdf_gov.nist_rule_AllowBinaryAndScriptBehaviors_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:365, oval:gov.nist.USGCB.ie7:tst:3855, oval:gov.nist.USGCB.ie7:obj:62, oval:gov.nist.USGCB.ie7:ste:3079, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. (xccdf_gov.nist_rule_AllowBinaryAndScriptBehaviors_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31053, oval:gov.nist.USGCB.ie8:tst:31053, oval:gov.nist.USGCB.ie8:obj:31053, oval:gov.nist.USGCB.ie8:ste:31053, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)