Online revocation checks must be performed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-235747	EDGE-00-000030	SV-235747r626523_rule		Medium

Description
Control whether online revocation checks (OCSP/CRL checks) are required. If Microsoft Edge cannot get revocation status information, these certificates are treated as revoked ("hard-fail"). If this policy is enabled, Microsoft Edge always performs revocation checking for server certificates that successfully validate and are signed by locally installed CA certificates.

STIG	Date
Microsoft Edge Security Technical Implementation Guide	2021-02-16

Details

Check Text ( C-38966r626437_chk )
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Specify if online OCSP/CRL checks are required for local trust anchors" must be set to "enabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "RequireOnlineRevocationChecksForLocalAnchors" is not set to "REG_DWORD = 1", this is a finding.

Check Text ( C-38966r626437_chk )

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Specify if online OCSP/CRL checks are required for local trust anchors" must be set to "enabled".

Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge

If the value for "RequireOnlineRevocationChecksForLocalAnchors" is not set to "REG_DWORD = 1", this is a finding.

Fix Text (F-38929r626438_fix)
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Specify if online OCSP/CRL checks are required for local trust anchors" to "enabled".