Back

Configure the "Navigate sub-frames across different domains" setting in limited functionality environments properly.


CONTROL ID
04433
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting determines if users can open sub-frames and access applications across domains. For Enterprise Client environments, the Navigate Sub-Frames Across Different Domains setting is Not Configured. For Specialized Security - Limited Functionality environments, this setting should be Disabled … (Pg 113, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Navigate sub-frames across different domains" setting should be configured correctly for the Internet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Re… (CCE-4143-4, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Navigate sub-frames across different domains" setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricte… (CCE-4110-3, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricte… (CCE-10642-7, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Internet Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Nav… (CCE-9865-7, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Navigate sub-frames across different domains" setting should be configured correctly for the Internet Zone. (oval:gov.nist.fdcc.ie7:def:612, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Navigate sub-frames across different domains - Internet Zone - Local Computer (navigate_sub_frames_across_different_domains_Internet_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Navigate sub-frames across different domains - Restricted Sites Zone - Local Computer (NavigateSub-framesAcrossDifferentDomains_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. (xccdf_gov.nist_rule_NavigateSub-framesAcrossDifferentDomains_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:1229, oval:gov.nist.USGCB.ie7:tst:3616, oval:gov.nist.USGCB.ie7:obj:169, oval:gov.nist.USGCB.ie7:ste:3254, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. (xccdf_gov.nist_rule_navigate_sub_frames_across_different_domains_Internet_zone_local_computer, oval:gov.nist.USGCB.ie7:def:612, oval:gov.nist.USGCB.ie7:tst:3769, oval:gov.nist.USGCB.ie7:obj:107, oval:gov.nist.USGCB.ie7:ste:3284, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. (xccdf_gov.nist_rule_navigate_sub_frames_across_different_domains_Internet_zone_local_computer, oval:gov.nist.USGCB.ie7:def:612, oval:gov.nist.USGCB.ie7:tst:3421, oval:gov.nist.USGCB.ie7:obj:107, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. (xccdf_gov.nist_rule_NavigateSubFramesAcrossDifferentDomains_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31033, oval:gov.nist.USGCB.ie8:tst:31033, oval:gov.nist.USGCB.ie8:obj:31033, oval:gov.nist.USGCB.ie8:ste:31033, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. (xccdf_gov.nist_rule_NavigateSub-framesAcrossDifferentDomains_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31071, oval:gov.nist.USGCB.ie8:tst:31071, oval:gov.nist.USGCB.ie8:obj:31071, oval:gov.nist.USGCB.ie8:ste:31071, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)