Back

Configure the "Run.NET Framework-reliant components not signed with Authenticode" setting in limited functionality environments properly.


CONTROL ID
04435
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting determines if .NET components not signed with Authenticode will execute. For Enterprise Client environments, the Run .NET Framework-Reliant Components Not Signed With Authenticode setting is Not Configured. For Specialized Security - Limited Functionality environments, this setting shou… (Pg 114, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Run components not signed with Authenticode" setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted… (CCE-3400-9, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security … (CCE-9898-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Run components not signed with Authenticode" setting should be configured correctly for the Restricted Sites Zone. (oval:gov.nist.fdcc.ie7:def:329, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Run .NET Framework-reliant components not signed with Authenticode - Restricted Sites Zone - Local Computer (RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. (xccdf_gov.nist_rule_RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:329, oval:gov.nist.USGCB.ie7:tst:4093, oval:gov.nist.USGCB.ie7:obj:74, oval:gov.nist.USGCB.ie7:ste:3306, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. (xccdf_gov.nist_rule_RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31073, oval:gov.nist.USGCB.ie8:tst:31073, oval:gov.nist.USGCB.ie8:obj:31073, oval:gov.nist.USGCB.ie8:ste:31073, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)