STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Edge Security Technical Implementation Guide

V-235755

CAT III (Low)

Extensions that are approved for use must be allowlisted if used.

Rule ID

SV-235755r961479_rule

STIG

Microsoft Edge Security Technical Implementation Guide

Version

V2R5

CCIs

CCI-001774

Discussion

By default, all extensions are allowed. However, if all extensions are blocked by setting the "ExtensionInstallBlockList" policy to "*," users can only install extensions defined in this policy.

Check Content

This requirement for "Allow specific extensions to be installed" is not required; this is optional.

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Extensions/Allow specific extensions to be installed" must be set to "Enabled".

Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge

"ExtensionInstallAllowlist" must be set as follows:
HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist\1 = "extension_id1"
HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist\2 = "extension_id2"

If configured, the list of extensions for which Microsoft Edge allows to be installed may be allowlisted.

Fix Text

Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Extensions/Allow specific extensions to be installed" to "Enabled".  A list of allowlisted extensions may then be specified.