Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Oracle JRE 8 must set the option to enable online certificate validation.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-66953 | JRE8-WN-000100 | SV-81443r2_rule | Medium |
| Description |
|---|
| Online certificate validation provides a real-time option to validate a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as “current”, “expired”, or “unknown”. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. |
| STIG | Date |
|---|---|
| Java Runtime Environment (JRE) version 8 STIG for Windows | 2017-06-29 |
Details
| Check Text ( C-67589r2_chk ) |
|---|
| If the system is on the SIPRNet, this requirement is NA. Navigate to the system-level "deployment.properties" file for JRE. - or - If the key "deployment.security.validation.ocsp=true" is not present in the "deployment.properties" file, this is a finding. If the key "deployment.security.validation.ocsp.locked" is not present in the "deployment.properties" file, this is a finding. If the key "deployment.security.validation.ocsp" is set to "false", this is a finding. |
| Fix Text (F-73053r3_fix) |
|---|
| If the system is on the SIPRNet, this requirement is NA. Navigate to the system-level "deployment.properties" file for JRE. Add the key "deployment.security.validation.ocsp=true" to the "deployment.properties" file. Add the key "deployment.security.validation.ocsp.locked" to the "deployment.properties" file. |