UCF STIG Viewer Logo

A properties file must be present to hold all the keys that establish properties within the Java control panel.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32902 JRE0080-J7XP SV-43299r2_rule DCBP-1 Medium
Description
The deployment.properties file is used for specifying keys for the Java Runtime Environment. Each option in the Java control panel is represented by property keys. These keys adjust the options in the Java control panel based on the value assigned to that key. By default no deployment.properties file exists; thus, no system-wide deployment exists. Without the deployment.properties file, setting particular options for the Java control panel is impossible.
STIG Date
Java Runtime Environment (JRE) version 7 STIG for WinXP 2014-10-05

Details

Check Text ( C-41215r8_chk )
Locate the deployment.properties files.

For 32 bit systems the path is:

'C:\Program Files\Java\jre7\lib\deployment.properties'

For 64 bit systems there are 2 potential paths as there can be 2 separate JRE's one 32 bit and one 64 bit:

'C:\Program Files\Java\jre7\lib\deployment.properties'
'C:\Program Files (x86)\Java\jre7\lib\deployment.properties'

If there are no files entitled 'deployment.properties', this is a finding.
Fix Text (F-36820r6_fix)
Create the Java deployment properties file. The location of this file can vary.

For 32 bit systems:
C:\Program Files\Java\jre7\lib\deployment.properties.

For 64 bit systems you must check both the 64 bit and the 32 bit files in order for both runtimes to be affected.

C:\Program Files\Java\jre7\lib\deployment.properties
C:\Program Files (x86)\Java\jre7\lib\deployment.properties

Create a properties file entitled 'deployment.properties'.

At a minimum, the following keys must be present in the deployment.properties file.

deployment.security.askgrantdialog.notinca=false
deployment.security.askgrantdialog.notinca.locked
deployment.security.validation.crl=true
deployment.security.validation.crl.locked
deployment.security.validation.ocsp=true
deployment.security.validation.ocsp.locked