Configure the "Open file based on content, not on file extension" setting in limited functionality environments properly.


CONTROL ID: 04434
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards. (CC ID: 02166)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • This setting determines if MIME Sniffing is turned on or off. For Enterprise Client environments, the Open File Based On Content, Not File Extension setting is Not Configured. For Specialized Security - Limited Functionality environments, this setting should be set to Enabled:Disable. This setting i… (Pg 113, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Open files based on content, not file extension" setting should be configured correctly for the Internet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone … (CCE-4161-6, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Open files based on content, not file extension" setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restri… (CCE-4132-7, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Open files based on content, not file extension" machine setting should be configured correctly for the Internet Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Open fil… (CCE-10107-1, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sit… (CCE-10277-2, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" current user setting should be configured correctly for the Internet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Open files based… (CCE-15871-7, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Local Machine Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down L… (CCE-16430-1, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Internet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intern… (CCE-16314-7, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down T… (CCE-16361-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Dow… (CCE-15432-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Intranet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intran… (CCE-16560-5, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" current user setting should be configured correctly for the Local Machine Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Open f… (CCE-15858-4, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" current user setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\… (CCE-16494-7, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Intranet Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intrane… (CCE-16086-1, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Internet Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Interne… (CCE-16895-5, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Local Machine Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Lo… (CCE-15393-2, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Tr… (CCE-16553-0, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down… (CCE-16798-1, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" machine setting should be configured correctly for the Intranet Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Open files based … (CCE-15736-2, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" current user setting should be configured correctly for the Intranet Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Open files based… (CCE-15827-9, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" machine setting should be configured correctly for the Local Machine Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Open fi… (CCE-16619-9, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" machine setting should be configured correctly for the Trusted Sites Zone. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Open fi… (CCE-16208-1, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Open files based on content, not file extension" current user setting should be configured correctly for the Trusted Sites Zone. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Open f… (CCE-16021-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • Disable the Open File Based On Content, Not File Extension setting in a limited functionality environment (oval:gov.nist.fdcc.ie7:def:953, oval:gov.nist.fdcc.ie7:def:706, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Open files based on content, not file extension - Internet Zone - Local Computer (OpenFilesBasedOnContent_InternetZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Open files based on content, not file extension - Restricted Sites Zone - Local Computer (OpenFilesBasedOnContent_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. (xccdf_gov.nist_rule_OpenFilesBasedOnContent_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:706, oval:gov.nist.USGCB.ie7:tst:3438, oval:gov.nist.USGCB.ie7:obj:71, oval:gov.nist.USGCB.ie7:ste:3570, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. (xccdf_gov.nist_rule_OpenFilesBasedOnContent_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:953, oval:gov.nist.USGCB.ie7:tst:3987, oval:gov.nist.USGCB.ie7:obj:162, oval:gov.nist.USGCB.ie7:ste:3201, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. (xccdf_gov.nist_rule_OpenFilesBasedOnContent_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31034, oval:gov.nist.USGCB.ie8:tst:31034, oval:gov.nist.USGCB.ie8:obj:31034, oval:gov.nist.USGCB.ie8:ste:31034, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. (xccdf_gov.nist_rule_OpenFilesBasedOnContent_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31072, oval:gov.nist.USGCB.ie8:tst:31072, oval:gov.nist.USGCB.ie8:obj:31072, oval:gov.nist.USGCB.ie8:ste:31072, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)