Back

Configure the "Allow font downloads" setting in limited functionality environments properly.


CONTROL ID
04421
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting determines if Web pages can download HTML fonts. For Enterprise Client environments, the Allow Font Downloads setting is Not Configured. For Specialized Security - Limited Functionality environments, this setting should be set to Enabled:Disable. This setting is applicable to the Intern… (Pg 110, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Font download" setting should be configured correctly for the Internet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Softw… (CCE-3888-5, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Font download" setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HK… (CCE-4062-6, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Allow font downloads" machine setting should be configured correctly for the Internet Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow font downloads (2) Registry … (CCE-10403-4, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Allow font downloads" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow font download… (CCE-9982-0, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • Disable the Allow Font Downloads setting for limited functionality environments (oval:gov.nist.fdcc.ie7:def:524, oval:gov.nist.fdcc.ie7:def:1109, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Allow Font Downloads - Internet Zone - Local Computer (AllowFontDownloads_InternetZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Allow Font Downloads - Restricted Sites Zone - Local Computer (AllowFontDownloads_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. (xccdf_gov.nist_rule_AllowFontDownloads_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:524, oval:gov.nist.USGCB.ie7:tst:3458, oval:gov.nist.USGCB.ie7:obj:185, oval:gov.nist.USGCB.ie7:ste:3338, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. (xccdf_gov.nist_rule_AllowFontDownloads_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:1109, oval:gov.nist.USGCB.ie7:tst:4064, oval:gov.nist.USGCB.ie7:obj:119, oval:gov.nist.USGCB.ie7:ste:3729, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. (xccdf_gov.nist_rule_AllowFontDownloads_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31020, oval:gov.nist.USGCB.ie8:tst:31020, oval:gov.nist.USGCB.ie8:obj:31020, oval:gov.nist.USGCB.ie8:ste:31020, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. (xccdf_gov.nist_rule_AllowFontDownloads_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31057, oval:gov.nist.USGCB.ie8:tst:31057, oval:gov.nist.USGCB.ie8:obj:31057, oval:gov.nist.USGCB.ie8:ste:31057, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)