TickYouOff
Back
🔒

Microsoft Edge STIG Implementation

Hard 19 items · 4 hours
testuser's avatar
testuser Published 4 months ago

A practical checklist to implement the Microsoft Edge Security Technical Implementation Guide (STIG) in managed environments. Ideal for IT admins and security teams who need to apply DISA guidance, deploy GPO/Intune settings, scan for compliance, and maintain ongoing configuration control.

Source: https://ncp.nist.gov/checklist/986

Progress
0 / 19
  1. Review Microsoft Edge STIG document (Ver 2, Rel 4) — Read DISA guidance for the Chromium-based Edge to understand required settings.
  2. Define scope and inventory affected systems — List OS versions, Edge builds, device groups, and OUs in scope.
  3. Backup current browser configurations and GPOs — Export existing GPOs and save Edge profile settings before changes.
  4. Download and verify STIG resources — Get SCAP 1.3 content, XCCDF, GPO package, and Intune policies; check SHAs.
  5. Review change history and DISA updates — Check recent updates and resource changes through the latest dates.
  6. Map STIG settings to organizational policy and exceptions — Document which STIG controls apply and note any approved exceptions.
  7. Configure Group Policy Objects (GPO)
  8. Import GPO package into your domain controller — Use the provided GPO files from DISA for faster deployment.
  9. Link GPO to target OUs and enforce where required — Apply to device/user OUs and verify replication across domain controllers.
  10. Configure Intune policies for managed endpoints
  11. Import and assign Intune policy package to device groups — Apply Intune settings to applicable device groups and users.
  12. Monitor policy deployment and replication — Confirm GPO/Intune deployment success and check for errors.
  13. Apply local browser settings where GPO/Intune are not available — Manually set critical options on unmanaged or legacy systems.
  14. Run automated SCAP/SCC compliance scans — Use the SCAP 1.3 content or SCC tooling to scan endpoints.
  15. Review scan results and generate findings — Prioritize findings by severity and document affected hosts.
  16. Remediate non-compliant findings — Apply fixes, update policies, or document accepted risks.
  17. Perform manual testing of critical browser functionality — Test authentication, extensions, and enterprise features after changes.
  18. Document configuration, change control, and retention — Record applied settings, versions, approval records, and backup locations.
  19. Establish ongoing review and update schedule — Plan periodic STIG reviews and monitor DISA updates and SHAs.
Sign in to save
📝 My Notes