Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32832 | JRE0040-J7XP | SV-43220r2_rule | DCBP-1 | Medium |
Description |
---|
Online certificate validation provides a real-time option to validate a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. |
STIG | Date |
---|---|
Java Runtime Environment (JRE) version 7 STIG for WinXP | 2014-04-04 |
Check Text ( C-41192r9_chk ) |
---|
If the system is on the SIPRNET, this requirement is NA. Navigate to the 'deployment.properties' file for Java. For 32-bit systems: C:\Program Files\Java\jre7\lib\deployment.properties. For 64-bit systems, you must check both the 64-bit and the 32-bit files: C:\Program Files\Java\jre7\lib\deployment.properties and C:\Program Files (x86)\Java\jre7\lib\deployment.properties. If the key 'deployment.security.validation.ocsp' is not present in the deployment.properties file, this is a finding. If the key 'deployment.security.validation.ocsp' is set to 'false', this is a finding. |
Fix Text (F-36748r9_fix) |
---|
If the system is on the SIPRNET, this requirement is NA. Enable the 'Enable online certificate validation' option. Navigate to the 'deployment.properties' file for Java. For 32-bit systems: C:\Program Files\Java\jre7\lib\deployment.properties. For 64-bit systems, you must check both the 64-bit and the 32-bit files: C:\Program Files\Java\jre7\lib\deployment.properties and C:\Program Files (x86)\Java\jre7\lib\deployment.properties. Add or update the key 'deployment.security.validation.ocsp' in the deployment.properties file. Set the value to 'true'. |
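
The check text above, automated as an added example (not part of the STIG): a Python script that parses deployment.properties content and reports a finding when 'deployment.security.validation.ocsp' is absent or not 'true'. The function names are hypothetical, and treating an unreadable file or any value other than 'true' as a finding is an assumption; the SIPRNET exemption is left to the reviewer.

```python
import re

OCSP_KEY = "deployment.security.validation.ocsp"  # key named in the check text

# key, then an optional '=' or ':' separator (or plain whitespace), then the value
_ENTRY = re.compile(r"^\s*([^=:\s]+)\s*[=:]?\s*(.*)$")

def parse_properties(text):
    """Minimal Java .properties reader: skips '#'/'!' comments, last duplicate wins.
    Escaped separators and backslash line continuations are not handled."""
    props = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":
            continue
        m = _ENTRY.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_ocsp(text):
    """Return (is_finding, reason) for the content of one deployment.properties."""
    props = parse_properties(text)
    if OCSP_KEY not in props:
        return True, "key not present"
    value = props[OCSP_KEY]
    if value.lower() != "true":  # assumption: only 'true' is compliant
        return True, f"key set to {value!r}"
    return False, "key set to true"

def audit_files(paths):
    """Check every listed file; on 64-bit systems pass both paths from the check text."""
    results = {}
    for path in paths:
        try:
            with open(path, encoding="iso-8859-1") as fh:  # .properties encoding
                results[path] = check_ocsp(fh.read())
        except OSError as exc:  # assumption: an unreadable file counts as a finding
            results[path] = (True, f"file not readable: {exc.strerror}")
    return results

if __name__ == "__main__":
    # Constructed sample contents, not taken from a real system.
    samples = {
        "compliant": "deployment.security.validation.ocsp=true\r\n",
        "disabled": "deployment.security.validation.ocsp = false\n",
        "commented out": "#deployment.security.validation.ocsp=true\n",
    }
    for name, content in samples.items():
        print(name, check_ocsp(content))
```

A key that appears only in a commented-out line is reported as not present, and when the key is duplicated the last occurrence decides the result.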