Oracle JRE 8 must default to the most secure built-in setting.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-66945	JRE8-WN-000060	SV-81435r1_rule		Low

Description
Applications that are signed with a valid certificate and include the permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked. Unsigned applications could perform numerous types of attacks on a system.

STIG	Date
Java Runtime Environment (JRE) Version 8 STIG for Windows	2016-09-27

Details

Check Text ( C-67581r1_chk )
Navigate to the system-level “deployment.properties” file for JRE. The location of the deployment.properties file is defined in \Lib\deployment.config If the key “deployment.security.level=VERY_HIGH” is not present in the deployment.properties file, or is set to “HIGH”, this is a finding. If the key “deployment.security.level.locked” is not present in the deployment.properties file, this is a finding.

Check Text ( C-67581r1_chk )

Navigate to the system-level “deployment.properties” file for JRE.

The location of the deployment.properties file is defined in \Lib\deployment.config

If the key “deployment.security.level=VERY_HIGH” is not present in the deployment.properties file, or is set to “HIGH”, this is a finding.

If the key “deployment.security.level.locked” is not present in the deployment.properties file, this is a finding.

Fix Text (F-73045r2_fix)
Navigate to the system-level “deployment.properties” file for JRE. The location of the deployment.properties file is defined in \Lib\deployment.config Add the key “deployment.security.level=VERY_HIGH” to the deployment.properties file. Add the key “deployment.security.level.locked” to the deployment.properties file.