DTBI018-IE11 – Check for publishers certificate revocation must be enforced.

Details

Check for publisher’s certificate revocation options should be enforced to ensure all PKI signed objects are validated.

Satisfies: SRG-APP-000605

Solution

If the system is on the SIPRNet, this requirement is NA.

Open Internet Explorer.
From the menu bar, select ‘Tools’.
From the ‘Tools’ drop-down menu, select ‘Internet Options’. From the ‘Internet Options’ window, select the ‘Advanced’ tab from the ‘Advanced’ tab window, scroll down to the ‘Security’ category, and select the ‘Check for publisher’s certificate revocation’ box.

Note: Manual entry in the registry key:

HKCUSoftwareMicrosoftWindowsCurrent VersionWinTrustTrust ProvidersSoftware Publishing for the value ‘State’, set to ‘REG_DWORD = 23C00’, may first be required.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IE11_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.

References

800-53|IA-5(2)(a)
CAT|III
CCI|CCI-000185
Rule-ID|SV-223016r428600_rule
STIG-ID|DTBI018-IE11
STIG-Legacy|SV-59341
STIG-Legacy|V-46477
Vuln-ID|V-223016

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles