Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Oracle JRE 8 must set the option to enable online certificate validation.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-66953 | JRE8-WN-000100 | SV-81443r1_rule | Medium |
| Description |
|---|
| Online certificate validation provides a real-time option to validate a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as “current”, “expired”, or “unknown”. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. |
| STIG | Date |
|---|---|
| Java Runtime Environment (JRE) Version 8 STIG for Windows | 2016-09-27 |
Details
| Check Text ( C-67589r1_chk ) |
|---|
| If the system is on the SIPRNet, this requirement is NA. Navigate to the system-level “deployment.properties” file for JRE. The location of the deployment.properties file is defined in If the key “deployment.security.validation.ocsp=true” is not present in the deployment.properties file, this is a finding. If the key “deployment.security.validation.ocsp.locked” is not present in the deployment.properties file, this is a finding. If the key “deployment.security.validation.ocsp” is set to “false”, this is a finding. |
| Fix Text (F-73053r2_fix) |
|---|
| If the system is on the SIPRNet, this requirement is NA. Navigate to the system-level “deployment.properties” file for JRE. The location of the deployment.properties file is defined in Add the key “deployment.security.validation.ocsp=true” to the deployment.properties file. Add the key “deployment.security.validation.ocsp.locked” to the deployment.properties file. |