Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-235747 | EDGE-00-000030 | SV-235747r626523_rule | | Medium |
Description |
---|
This policy controls whether online revocation checks (OCSP/CRL checks) are required. If this policy is enabled, Microsoft Edge always performs revocation checking for server certificates that successfully validate and are signed by locally installed CA certificates. If Microsoft Edge cannot get revocation status information, these certificates are treated as revoked ("hard-fail"). |
STIG | Date |
---|---|
Microsoft Edge Security Technical Implementation Guide | 2021-02-16 |
Check Text ( C-38966r626437_chk ) |
---|
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Specify if online OCSP/CRL checks are required for local trust anchors" must be set to "enabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge. If the value for "RequireOnlineRevocationChecksForLocalAnchors" is not set to "REG_DWORD = 1", this is a finding. |
Fix Text (F-38929r626438_fix) |
---|
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Specify if online OCSP/CRL checks are required for local trust anchors" to "enabled". |
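
The registry check from the Check Text can be scripted so that a missing key, a missing value, a wrong value type and wrong data are each reported separately. This PowerShell function is an added example, not part of the STIG; the function name `Test-EdgeRevocationPolicy` and the shape of the result object are assumptions made for illustration.

```powershell
# Added example: audits the registry value named in the Check Text.
# The function name and result properties are hypothetical, chosen for this example.
function Test-EdgeRevocationPolicy {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
        [string]$ValueName = 'RequireOnlineRevocationChecksForLocalAnchors'
    )

    $result = [ordered]@{
        Finding   = 'V-235747'
        KeyPath   = $KeyPath
        ValueName = $ValueName
        Kind      = $null
        Data      = $null
        Compliant = $false
        Reason    = $null
    }

    # A missing key or value means the policy is not configured, which is a finding.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) {
        $result.Reason = 'Policy key does not exist'
    }
    elseif ($key.GetValueNames() -notcontains $ValueName) {
        $result.Reason = 'Value is not set'
    }
    else {
        $result.Kind = $key.GetValueKind($ValueName)
        $result.Data = $key.GetValue($ValueName)
        # The check requires both the type (REG_DWORD) and the data (1) to match.
        if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            $result.Reason = "Wrong type: $($result.Kind), expected REG_DWORD"
        }
        elseif ($result.Data -ne 1) {
            $result.Reason = "Wrong data: $($result.Data), expected 1"
        }
        else {
            $result.Compliant = $true
            $result.Reason    = 'REG_DWORD = 1'
        }
    }
    [pscustomobject]$result
}

Test-EdgeRevocationPolicy
```

`Compliant` is true only when the value exists with type REG_DWORD and data 1; every other state is reported as a finding with the reason recorded.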