Check: DTBI018
Microsoft Internet Explorer 9 STIG:
DTBI018
(in version v1 r15)
Title
Check for publishers certificate revocation must be enforced. (Cat II impact)
Discussion
Check for publisher's certificate revocation options should be enforced to ensure all PKI signed objects are validated.
Check Content
Procedure: Open Internet Explorer. From the menu bar select Tools. From the Tools dropdown menu, select the Internet Options. From the Internet Options window, select the "Advanced" tab from the Advanced tab window, scroll down to the Security category, and verify the "check for publishers certificate revocation" box is selected. Procedure: Use the Windows Registry Editor to navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing Criteria: If the value State is REG_DWORD = 65536 (decimal), this is not a finding.
Fix Text
In the Internet Explorer Options, on the "Advanced" tab, scroll down to Security category, and select the "Check for publisher's certificate revocation" box. NOTE: Manual entry for the value State, set to REG_DWORD = 65536, may first be required.
Additional Identifiers
Rule ID: SV-43163r2_rule
Vulnerability ID: V-32808
Group Title: DTBI018 - Publishers Certificate Revocation
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |