Back

Configure the "Download signed ActiveX controls" setting in limited functionality environments properly.


CONTROL ID
04427
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting determines if users can download signed ActiveX controls. For Enterprise Client environments, the Download Signed ActiveX Controls setting is Not Configured. For Specialized Security - Limited Functionality environments, this setting should be set to Enabled:Disable. This setting is app… (Pg 111, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Download signed ActiveX controls" machine setting should be configured correctly for the Internet Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download signed ActiveX… (CCE-9917-6, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • Disable the Download Signed ActiveX Controls setting for limited functionality environments (oval:gov.nist.fdcc.ie7:def:1199, oval:gov.nist.fdcc.ie7:def:1019, oval:gov.nist.fdcc.ie7:def:24599, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Download signed ActiveX controls - Internet Zone - Local Computer (download_signed_activex_controls_InternetZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Download signed ActiveX controls - Restricted Sites Zone - Local Computer (download_signed_activex_controls_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Download Signed ActiveX Controls - Locked Down Internet Zone - Local Computer (download_signed_activex_controls_locked_down_internet_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. (xccdf_gov.nist_rule_download_signed_activex_controls_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:1199, oval:gov.nist.USGCB.ie7:tst:3710, oval:gov.nist.USGCB.ie7:obj:186, oval:gov.nist.USGCB.ie7:ste:2975, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. (xccdf_gov.nist_rule_DownloadSignedActiveXControls_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31026, oval:gov.nist.USGCB.ie8:tst:31026, oval:gov.nist.USGCB.ie8:obj:31026, oval:gov.nist.USGCB.ie8:ste:31026, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)