The requirements in the General Desktop Applications STIG are maintained by DISA Field Security Operations (FSO), which also develops and maintains the DISA "Gold Disk". The Gold Disk is produced to aid in the security assessment of Microsoft Windows systems and can also be used during remediation. It ships with a fully documented user's guide, The Windows Gold Disk User's Guide for Version 2, to assist system administrators and reviewers in using the tool. The reviewer uses the Gold Disk output to analyze and document potential security vulnerabilities, and that output can then be fed into a Vulnerability Management System.

Open Source Software (OSS) must meet the same specifications as commercial and government off-the-shelf software, and its source code must be readily available for review.

The Internet Explorer 11 STIG focuses on mobile code and which types of it are acceptable. Use of Category 1X mobile code is prohibited. Use of Category 1X mobile code technologies and/or products that cannot differentiate between signed and unsigned mobile code, or cannot be configured to disable unsigned mobile code, is prohibited; such products and/or technologies will be uninstalled or disabled from executing mobile code.
Examples of Category 1X mobile code (scripts executing in, or code delivered as, the following):
- UNIX shell scripts*
- MS-DOS batch scripts*
- Shockwave movies (including Xtras)
- HTML Applications (i.e., .hta files) that download as mobile code
- Binary executables (e.g., .exe files) that download as mobile code
- Mozilla/Netscape ActiveX Plugin runtime implementations
- Netscape 8.0 and 8.1 ActiveX runtime implementations (unless the internal Internet Explorer rendering engine is uninstalled/deleted)

* when used as mobile code
Use of unsigned Category 1A mobile code is prohibited; download and execution of unsigned Category 1A mobile code will be disabled or the technology will be uninstalled. Category 1A mobile code that is signed with an approved PKI code-signing certificate and obtained from a...
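The practical consequence of "download and execution of unsigned Category 1A mobile code will be disabled" is a browser configuration check. Under DoD mobile code policy, ActiveX controls are the main Category 1A technology in Internet Explorer, so the check below reads the Internet Explorer Internet zone (zone 3) settings that govern unsigned ActiveX. This is an added example written for this page, not part of the STIG text or of DISA's Gold Disk; the registry paths and the zone value IDs (1004 = "Download unsigned ActiveX controls", 1201 = "Initialize and script ActiveX controls not marked as safe for scripting", data 0 = Enable, 1 = Prompt, 3 = Disable) are the standard Internet Explorer zone layout as I know it and are assumptions here, not quoted from the STIG.

```powershell
# Added example (not from the STIG or DISA tooling): report whether the IE Internet zone
# disables download and scripting of unsigned ActiveX, as the unsigned Category 1A
# prohibition requires. Value IDs and registry paths below are assumptions based on
# the standard IE zone settings layout.

$Zone = 3   # Internet zone

# Settings that must be set to 3 (Disable) for unsigned Category 1A code to be blocked.
$RequiredDisabled = @{
    '1004' = 'Download unsigned ActiveX controls'
    '1201' = 'Initialize and script ActiveX controls not marked as safe for scripting'
}

# A machine policy (GPO) value overrides the per-user setting, so read policy first.
$ZonePaths = @(
    "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"
)

function Get-ZoneSetting {
    param([string]$ValueName)
    foreach ($Path in $ZonePaths) {
        if (-not (Test-Path $Path)) { continue }
        $Item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $Item) {
            return [pscustomobject]@{ Source = $Path; Data = [int]$Item.$ValueName }
        }
    }
    return $null   # neither policy nor user value present; IE's built-in default applies
}

function Test-UnsignedMobileCodeDisabled {
    $AllPass = $true
    foreach ($Id in $RequiredDisabled.Keys) {
        $Name    = $RequiredDisabled[$Id]
        $Setting = Get-ZoneSetting -ValueName $Id
        if ($null -eq $Setting) {
            Write-Output ("NOT SET {0} {1} (no explicit value; confirm the IE default with the reviewer)" -f $Id, $Name)
            $AllPass = $false
            continue
        }
        $Pass = ($Setting.Data -eq 3)
        if (-not $Pass) { $AllPass = $false }
        Write-Output ("{0,-7} {1} {2} = {3} [{4}]" -f ($(if ($Pass) { 'PASS' } else { 'FAIL' })), $Id, $Name, $Setting.Data, $Setting.Source)
    }
    return $AllPass
}

# Usage: run as the user whose browser profile is being reviewed; exits non-zero on a finding.
if (-not (Test-UnsignedMobileCodeDisabled)) { exit 1 }
```

The function reports PASS only when the value is explicitly 3 (Disable); an absent value is reported rather than assumed compliant, because the effective IE default depends on the zone template in use and should be confirmed against the reviewer's checklist rather than guessed.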