UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Firefox must be configured to ask which certificate to present to a website when a certificate is required.


Overview

Finding ID Version Rule ID IA Controls Severity
V-251547 FFOX-00-000003 SV-251547r879614_rule Medium
Description
When a website asks for a certificate for user authentication, Firefox must be configured to have the user choose which certificate to present. Websites within DoD require user authentication for access, which increases security for DoD information. Access will be denied to the user if certificate management is not configured.
STIG Date
Mozilla Firefox Security Technical Implementation Guide 2023-06-05

Details

Check Text ( C-54982r807111_chk )
Type "about:policies" in the browser address bar.

If "security.default_personal_cert" is not displayed with a value of "Ask Every Time", this is a finding.
Fix Text (F-54936r807112_fix)
Windows group policy:
1. Open the group policy editor tool with "gpedit.msc".
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\
Policy Name: Preferences
Policy State: Enabled
Policy Value:
{
"security.default_personal_cert": {
"Value": "Ask Every Time",
"Status": "locked"
}
}

macOS "plist" file:
Add the following:
Preferences

security.default_personal_cert

Value
Ask Every Time
Status
locked



Linux "policies.json" file:
Add the following in the policies section:
"Preferences": {
"security.default_personal_cert": {
"Value": "Ask Every Time",
"Status": "locked"
}
}