Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32831 | JRE0030-J72K7 | SV-43641r4_rule | DCBP-1 | Medium |
Description |
---|
Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found revoked on a CRL or via Online Certificate Status Protocol (OCSP) should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. Ensuring users cannot change these settings assures a more consistent security profile. |
STIG | Date |
---|---|
Java Runtime Environment (JRE) version 7 STIG for Windows 7 | 2014-12-29 |
Check Text ( C-41513r7_chk ) |
---|
If the system is on the SIPRNET, this requirement is NA. Navigate to the 'deployment.properties' file for Java. For 32 bit systems: C:\Program Files\Java\jre7\lib\deployment.properties. For 64 bit systems you must check both the 64 bit and the 32 bit files: C:\Program Files\Java\jre7\lib\deployment.properties C:\Program Files (x86)\Java\jre7\lib\deployment.properties If the key 'deployment.security.validation.crl.locked' is not present in the deployment.properties file, this is a finding. If the key 'deployment.security.validation.ocsp.locked' is not present in the deployment.properties file, this is a finding. |
Fix Text (F-37149r6_fix) |
---|
Navigate to the 'deployment.properties' file for Java. For 32 bit systems: C:\Program Files\Java\jre7\lib\deployment.properties. For 64 bit systems you must check both the 64 bit and the 32 bit files: C:\Program Files\Java\jre7\lib\deployment.properties C:\Program Files (x86)\Java\jre7\lib\deployment.properties Add the key 'deployment.security.validation.crl.locked' to the deployment.properties file. Add the key 'deployment.security.validation.ocsp.locked' to the deployment.properties file. |