Oracle JRE 8 must default to the most secure built-in setting.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-66945	JRE8-WN-000060	SV-81435r2_rule		Low

Description
Applications that are signed with a valid certificate and include the permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked. Unsigned applications could perform numerous types of attacks on a system.

STIG	Date
Java Runtime Environment (JRE) version 8 STIG for Windows	2017-06-29

Details

Check Text ( C-67581r2_chk )
Navigate to the system-level "deployment.properties" file for JRE. \Sun\Java\Deployment\deployment.properties - or - \Lib\deployment.properties If the key "deployment.security.level=VERY_HIGH" is not present in the "deployment.properties file", or is set to "HIGH", this is a finding. If the key "deployment.security.level.locked" is not present in the "deployment.properties" file, this is a finding.

Check Text ( C-67581r2_chk )

Navigate to the system-level "deployment.properties" file for JRE.

\Sun\Java\Deployment\deployment.properties
- or -
\Lib\deployment.properties

If the key "deployment.security.level=VERY_HIGH" is not present in the "deployment.properties file", or is set to "HIGH", this is a finding.

If the key "deployment.security.level.locked" is not present in the "deployment.properties" file, this is a finding.

Fix Text (F-73045r3_fix)
Navigate to the system-level "deployment.properties" file for JRE. Add the key "deployment.security.level=VERY_HIGH" to the "deployment.properties" file. Add the key "deployment.security.level.locked" to the "deployment.properties" file.