STIGQter STIGQter: STIG Summary: Microsoft Edge Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 14 Jan 2021:

URLs must be whitelisted for plugin use.

DISA Rule

SV-235753r626523_rule

Vulnerability Number

V-235753

Group Title

SRG-APP-000378

Rule Version

EDGE-00-000039

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Allow pop-up windows on specific sites" to "Enabled". A list of whitelisted URLs may be specified here.

Check Contents

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Allow pop-up windows on specific sites" must be set to "Enabled".

Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge

"PopupsAllowedForUrls" must be set as follows:
HKLM\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\1 = mydomain.com
HKLM\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\2 = myagency.mil

If the value for "PopupsAllowedForUrls" is not set, this is a finding.

If no URLs in the agency require whitelisting for plugin use, this is Not Applicable.

Vulnerability Number

V-235753

Documentable

False

Rule Version

EDGE-00-000039

Severity Override Guidance

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Content settings/Allow pop-up windows on specific sites" must be set to "Enabled".

Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge

"PopupsAllowedForUrls" must be set as follows:
HKLM\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\1 = mydomain.com
HKLM\SOFTWARE\Policies\Microsoft\Edge\PopupsAllowedForUrls\2 = myagency.mil

If the value for "PopupsAllowedForUrls" is not set, this is a finding.

If no URLs in the agency require whitelisting for plugin use, this is Not Applicable.

Check Content Reference

M

Target Key

5280

Comments