Back

Configure the "Script ActiveX controls marked safe for scripting" setting in limited functionality environments properly.


CONTROL ID
04438
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting determines if an ActiveX control marked safe for scripting can interact with a script. For Enterprise Client environments, the Script ActiveX Controls Marked Safe For Scripting setting is Not Configured. For Specialized Security - Limited Functionality environments, this setting should … (Pg 115, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted S… (CCE-10554-4, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • Script ActiveX controls marked safe for scripting - Restricted Sites Zone - Local Computer (ScriptActiveXControlsMarkedSafeForScripting_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. (xccdf_gov.nist_rule_ScriptActiveXControlsMarkedSafeForScripting_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:602, oval:gov.nist.USGCB.ie7:tst:3889, oval:gov.nist.USGCB.ie7:obj:60, oval:gov.nist.USGCB.ie7:ste:3292, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. (xccdf_gov.nist_rule_ScriptActiveXControlsMarkedSafeForScripting_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31076, oval:gov.nist.USGCB.ie8:tst:31076, oval:gov.nist.USGCB.ie8:obj:31076, oval:gov.nist.USGCB.ie8:ste:31076, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)