UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Java Runtime Environment (JRE) version 8 STIG for Windows


Overview

Date Finding Count (16)
2017-12-21 CAT I (High): 1 CAT II (Med): 14 CAT III (Low): 1
STIG Description
The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets. Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-66967 High The version of Oracle JRE 8 running on the system must be the most current available.
V-66947 Medium Oracle JRE 8 must be set to allow Java Web Start (JWS) applications.
V-66955 Medium Oracle JRE 8 must prevent the download of prohibited mobile code.
V-66957 Medium Oracle JRE 8 must enable the option to use an accepted sites list.
V-66943 Medium Oracle JRE 8 must have a deployment.properties file present.
V-66951 Medium Oracle JRE 8 must lock the dialog enabling users to grant permissions to execute signed content from an untrusted authority.
V-66941 Medium Oracle JRE 8 deployment.config file must contain proper keys and values.
V-66953 Medium Oracle JRE 8 must set the option to enable online certificate validation.
V-66723 Medium Oracle JRE 8 must lock the option to enable users to check publisher certificates for revocation.
V-66959 Medium Oracle JRE 8 must have an exception.sites file present.
V-66949 Medium Oracle JRE 8 must disable the dialog enabling users to grant permissions to execute signed content from an untrusted authority.
V-66963 Medium Oracle JRE 8 must prompt the user for action prior to executing mobile code.
V-66961 Medium Oracle JRE 8 must enable the dialog to enable users to check publisher certificates for revocation.
V-66965 Medium Oracle JRE 8 must remove previous versions when the latest version is installed.
V-66939 Medium Oracle JRE 8 must have a deployment.config file present.
V-66945 Low Oracle JRE 8 must default to the most secure built-in setting.