Check: WN10-CC-000238
Microsoft Windows 10 STIG:
WN10-CC-000238
(in versions v3 r2 through v1 r15)
Title
Windows 10 must be configured to prevent certificate error overrides in Microsoft Edge. (Cat II impact)
Discussion
Web security certificates provide an indication whether a site is legitimate. This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing.
Check Content
This setting is applicable starting with v1809 of Windows 10; it is NA for prior versions. Windows 10 LTSC\B versions do not include Microsoft Edge; this is NA for those systems. If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings\ Value Name: PreventCertErrorOverrides Type: REG_DWORD Value: 0x00000001 (1)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Edge >> "Prevent certificate error overrides" to "Enabled".
Additional Identifiers
Rule ID: SV-220842r991589_rule
Vulnerability ID: V-220842
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |