Checklist Summary:

The Internet Explorer (IE) 10 Overview, along with the IE 10 Security Technical Implementation Guides (STIGs), provides the technical security policies, requirements, and implementation details for applying security concepts to Microsoft Internet Explorer 10 web browser.

Checklist Role:

• Web Browser

Known Issues:

Not provided.

Target Audience:

The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations, hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval. Although there are a few different operating system platforms for desktop environments, this document addresses Internet Explorer 10 running on Microsoft Windows 8 platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time. Although not directly outlined, the intent of the security requirements detailed in this document also apply to IE 10 web browser applications installed on Microsoft Windows Server platforms, as well as Microsoft Windows Workstation platforms. On server platforms, the security configuration parameters will be set to at least as restrictive values as those listed in this document.

Target Operational Environment:

• Managed

Testing Information:

Not provided.

Regulatory Compliance:

DoDD 8500.1

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

It must be noted that the guidelines specified should be evaluated in a local, representative test environment before implementation within large user populations. The extensive variety of environments makes it impossible to test these guidelines for all potential software configurations. For some environments, failure to test before implementation may lead to a loss of required functionality.

Product Support:

Not provided.

Point of Contact:

Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Version 1, Release 10 Standalone - 03 August 2015
Version 1, Release 5 Benchmark - 03 August 2015
Changed status from "Under Review" to "Final" - 03 June 2015
Version 1, Release 5 - 25 July 2014 (XCCDF only)
Version 1, Release 4 - 24 January 2014 (XCCDF only)
Version 1, Release 3 - 24 January 2014
Version 1, Release 3 - 25 October 2013 (XCCDF only)
Version 1, Release 2 - 26 April 2013
Version 1, Release 1 - 13 December 2012
Version 1, Release 6 - 30 October 2014
Version 1, Release 7 - 15 December 2014
Version 1, Release 8 - 23 January 2015
Changed status from "under review" to "final" - 11 September 2015
Version 1, Release 11 - 27 October 2015
Version 1, Release 6 Benchmark - 27-October 2015
Changed status from "Under Review" to "Final" - 03 December 2015
Version 1, Release 12 - 29 January 2016
3/8/2016 - Promote to Final
4/192016 Promote to Final
updated to v1, r13 - 07/22/2016
Moved to FINAL - 09/08/2016
Updated STIG to V1, R14 - 10-28-2016
updated to FINAL - 12/07/2016
updated to Version 1 Release 15 - 04/28/2017
Updated to FINAL - 05/30/2017
null
Updated URL to reflect change to the DISA website - http --> https
Updated URLs - 6/7/19
removed reference link and changed status to archive per DISA changes - 1/17/2020

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 01/17/2020