STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

Microsoft Internet Explorer 11 Security Technical Implementation Guide

Version

V2R7

Release Date

Feb 24, 2026

SCAP Benchmark ID

IE_11_STIG

Total Checks

137

Tags

other

CAT I: 1CAT II: 133CAT III: 3

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON Download STIG ZIP

Checks (137)

V-223015MEDIUMThe Internet Explorer warning about certificate address mismatch must be enforced.V-223016LOWCheck for publishers certificate revocation must be enforced.V-223017MEDIUMThe Download signed ActiveX controls property must be disallowed (Internet zone).V-223018MEDIUMThe Download unsigned ActiveX controls property must be disallowed (Internet zone).V-223019MEDIUMThe Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).V-223020MEDIUMThe Java permissions must be disallowed (Internet zone).V-223021MEDIUMAccessing data sources across domains must be disallowed (Internet zone).V-223022MEDIUMFunctionality to drag and drop or copy and paste files must be disallowed (Internet zone).V-223023MEDIUMLaunching programs and files in IFRAME must be disallowed (Internet zone).V-223024MEDIUMNavigating windows and frames across different domains must be disallowed (Internet zone).V-223025MEDIUMUserdata persistence must be disallowed (Internet zone).V-223026MEDIUMClipboard operations via script must be disallowed (Internet zone).V-223027MEDIUMLogon options must be configured to prompt (Internet zone).V-223028MEDIUMJava permissions must be configured with High Safety (Intranet zone).V-223029MEDIUMAnti-Malware programs against ActiveX controls must be run for the Intranet zone.V-223030MEDIUMJava permissions must be configured with High Safety (Trusted Sites zone).V-223031MEDIUMAnti-Malware programs against ActiveX controls must be run for the Trusted Sites zone.V-223032MEDIUMDragging of content from different domains within a window must be disallowed (Internet zone).V-223033MEDIUMDragging of content from different domains across windows must be disallowed (Restricted Sites zone).V-223034MEDIUMInternet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).V-223035MEDIUMInternet Explorer Processes Restrict ActiveX Install must be enforced (iexplore).V-223036MEDIUMDragging of content from different domains within a window must be disallowed (Restricted Sites zone).V-223037MEDIUMAnti-Malware programs against ActiveX controls must be run for the Internet zone.V-223038MEDIUMAnti-Malware programs against ActiveX controls must be run for the Restricted Sites zone.V-223039MEDIUMPrevent bypassing SmartScreen Filter warnings must be enabled.V-223040MEDIUMPrevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the internet must be enabled.V-223041MEDIUMPrevent per-user installation of ActiveX controls must be enabled.V-223042MEDIUMPrevent ignoring certificate errors option must be enabled.V-223043MEDIUMTurn on SmartScreen Filter scan option for the Internet Zone must be enabled.V-223044MEDIUMTurn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled.V-223045MEDIUMThe Initialize and script ActiveX controls not marked as safe must be disallowed (Intranet Zone).V-223046MEDIUMThe Initialize and script ActiveX controls not marked as safe must be disallowed (Trusted Sites Zone).V-223048MEDIUMRun once selection for running outdated ActiveX controls must be disabled.V-223049MEDIUMEnabling outdated ActiveX controls for Internet Explorer must be blocked.V-223050MEDIUMUse of the Tabular Data Control (TDC) ActiveX control must be disabled for the Internet Zone.V-223051MEDIUMThe Download signed ActiveX controls property must be disallowed (Restricted Sites zone).V-223052MEDIUMUse of the Tabular Data Control (TDC) ActiveX control must be disabled for the Restricted Sites Zone.V-223053MEDIUMVBScript must not be allowed to run in Internet Explorer (Internet zone).V-223054MEDIUMThe Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).V-223055MEDIUMVBScript must not be allowed to run in Internet Explorer (Restricted Sites zone).V-223056LOWInternet Explorer Development Tools Must Be Disabled.V-223057MEDIUMThe Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).V-223058MEDIUMActiveX controls and plug-ins must be disallowed (Restricted Sites zone).V-223059MEDIUMActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).V-223060MEDIUMFile downloads must be disallowed (Restricted Sites zone).V-223061MEDIUMJava permissions must be disallowed (Restricted Sites zone).V-223062MEDIUMAccessing data sources across domains must be disallowed (Restricted Sites zone).V-223063MEDIUMThe Allow META REFRESH property must be disallowed (Restricted Sites zone).V-223064MEDIUMFunctionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).V-223065MEDIUMLaunching programs and files in IFRAME must be disallowed (Restricted Sites zone).V-223066MEDIUMNavigating windows and frames across different domains must be disallowed (Restricted Sites zone).V-223067MEDIUMUserdata persistence must be disallowed (Restricted Sites zone).V-223068MEDIUMActive scripting must be disallowed (Restricted Sites Zone).V-223069MEDIUMClipboard operations via script must be disallowed (Restricted Sites zone).V-223070MEDIUMLogon options must be configured and enforced (Restricted Sites zone).V-223071MEDIUMConfiguring History setting must be set to 40 days.V-223072MEDIUMInternet Explorer must be set to disallow users to add/delete sites.V-223073MEDIUMInternet Explorer must be configured to disallow users to change policies.V-223074MEDIUMInternet Explorer must be configured to use machine settings.V-223075MEDIUMSecurity checking features must be enforced.V-223076MEDIUMSoftware must be disallowed to run or install with invalid signatures.V-223077MEDIUMThe 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.V-223078LOWChecking for server certificate revocation must be enforced.V-223079MEDIUMChecking for signatures on downloaded programs must be enforced.V-223080MEDIUMAll network paths (UNCs) for Intranet sites must be disallowed.V-223081MEDIUMScript-initiated windows without size or position constraints must be disallowed (Internet zone).V-223082MEDIUMScript-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).V-223083MEDIUMScriptlets must be disallowed (Internet zone).V-223084MEDIUMAutomatic prompting for file downloads must be disallowed (Internet zone).V-223085MEDIUMJava permissions must be disallowed (Local Machine zone).V-223086MEDIUMAnti-Malware programs against ActiveX controls must be run for the Local Machine zone.V-223087MEDIUMJava permissions must be disallowed (Locked Down Local Machine zone).V-223088MEDIUMJava permissions must be disallowed (Locked Down Intranet zone).V-223089MEDIUMJava permissions must be disallowed (Locked Down Trusted Sites zone).V-223090MEDIUMJava permissions must be disallowed (Locked Down Restricted Sites zone).V-223091MEDIUMXAML files must be disallowed (Internet zone).V-223092MEDIUMXAML files must be disallowed (Restricted Sites zone).V-223093MEDIUMProtected Mode must be enforced (Internet zone).V-223094MEDIUMProtected Mode must be enforced (Restricted Sites zone).V-223095MEDIUMPop-up Blocker must be enforced (Internet zone).V-223096MEDIUMPop-up Blocker must be enforced (Restricted Sites zone).V-223097MEDIUMWebsites in less privileged web content zones must be prevented from navigating into the Internet zone.V-223098MEDIUMWebsites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.V-223099MEDIUMAllow binary and script behaviors must be disallowed (Restricted Sites zone).V-223100MEDIUMAutomatic prompting for file downloads must be disallowed (Restricted Sites zone).V-223101MEDIUMInternet Explorer Processes for MIME handling must be enforced. (Reserved)V-223102MEDIUMInternet Explorer Processes for MIME handling must be enforced (Explorer).V-223103MEDIUMInternet Explorer Processes for MIME handling must be enforced (iexplore).V-223104MEDIUMInternet Explorer Processes for MIME sniffing must be enforced (Reserved).V-223105MEDIUMInternet Explorer Processes for MIME sniffing must be enforced (Explorer).V-223106MEDIUMInternet Explorer Processes for MIME sniffing must be enforced (iexplore).V-223107MEDIUMInternet Explorer Processes for MK protocol must be enforced (Reserved).V-223108MEDIUMInternet Explorer Processes for MK protocol must be enforced (Explorer).V-223109MEDIUMInternet Explorer Processes for MK protocol must be enforced (iexplore).V-223110MEDIUMInternet Explorer Processes for Zone Elevation must be enforced (Reserved).V-223111MEDIUMInternet Explorer Processes for Zone Elevation must be enforced (Explorer).V-223112MEDIUMInternet Explorer Processes for Zone Elevation must be enforced (iexplore).V-223113MEDIUMInternet Explorer Processes for Restrict File Download must be enforced (Reserved).V-223114MEDIUMInternet Explorer Processes for Restrict File Download must be enforced (Explorer).V-223115MEDIUMInternet Explorer Processes for Restrict File Download must be enforced (iexplore).V-223116MEDIUMInternet Explorer Processes for restricting pop-up windows must be enforced (Reserved).V-223117MEDIUMInternet Explorer Processes for restricting pop-up windows must be enforced (Explorer).V-223118MEDIUMInternet Explorer Processes for restricting pop-up windows must be enforced (iexplore).V-223119MEDIUM.NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).V-223120MEDIUM.NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).V-223121MEDIUMScripting of Java applets must be disallowed (Restricted Sites zone).V-223122MEDIUMAutoComplete feature for forms must be disallowed.V-223123MEDIUMCrash Detection management must be enforced.V-223124MEDIUMTurn on the auto-complete feature for user names and passwords on forms must be disabled.V-223125MEDIUMManaging SmartScreen Filter use must be enforced.V-223126MEDIUMBrowser must retain history on exit.V-223127MEDIUMDeleting websites that the user has visited must be disallowed.V-223128MEDIUMInPrivate Browsing must be disallowed.V-223129MEDIUMScripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).V-223130MEDIUMWhen uploading files to a server, the local directory path must be excluded (Internet zone).V-223131MEDIUMInternet Explorer Processes for Notification Bars must be enforced (Reserved).V-223132MEDIUMSecurity Warning for unsafe files must be set to prompt (Internet zone).V-223133MEDIUMInternet Explorer Processes for Notification Bars must be enforced (Explorer).V-223134MEDIUMActiveX controls without prompt property must be used in approved domains only (Internet zone).V-223135MEDIUMInternet Explorer Processes for Notification Bars must be enforced (iexplore).V-223136MEDIUMCross-Site Scripting Filter must be enforced (Internet zone).V-223137MEDIUMScripting of Internet Explorer WebBrowser Control must be disallowed (Restricted Sites zone).V-223138MEDIUMWhen uploading files to a server, the local directory path must be excluded (Restricted Sites zone).V-223139MEDIUMSecurity Warning for unsafe files must be disallowed (Restricted Sites zone).V-223140MEDIUMActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).V-223141MEDIUMCross-Site Scripting Filter property must be enforced (Restricted Sites zone).V-223142MEDIUMInternet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).V-223143MEDIUMStatus bar updates via script must be disallowed (Internet zone).V-223144MEDIUM.NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).V-223145MEDIUM.NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).V-223146MEDIUMScriptlets must be disallowed (Restricted Sites zone).V-223147MEDIUMStatus bar updates via script must be disallowed (Restricted Sites zone).V-223148MEDIUMWhen Enhanced Protected Mode is enabled, ActiveX controls must be disallowed to run in Protected Mode.V-223149MEDIUMDragging of content from different domains across windows must be disallowed (Internet zone).V-250540MEDIUMTurn off Encryption Support must be enabled.V-250541MEDIUMAllow Fallback to SSL 3.0 (Internet Explorer) must be disabled.V-252910HIGHThe version of Internet Explorer running on the system must be a supported version.