An error occurred:

Check: EDGE-00-000030

Microsoft Edge STIG: EDGE-00-000030 (in versions v1 r8 through v1 r2)

Title

Online revocation checks must be performed. (Cat II impact)

Discussion

If you enable this policy, Microsoft Edge will perform soft-fail, online OCSP/CRL checks. "Soft fail" means that if the revocation server can't be reached, the certificate will be considered valid. If you disable the policy or don't configure it, Microsoft Edge won't perform online revocation checks.

Check Content

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Enable online OCSP/CRL checks" must be set to "Enabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "EnableOnlineRevocationChecks" is not set to "REG_DWORD = 1", this is a finding.

Fix Text

Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Enable online OCSP/CRL checks" to "Enabled".

Additional Identifiers

Rule ID: SV-235747r879612_rule

Vulnerability ID: V-235747

Group Title: SRG-APP-000175

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000185

The information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-5 (2)

Pki-Based Authentication