Title

Windows 10 must be configured to prevent certificate error overrides in Microsoft Edge. (Cat II impact)

Discussion

Web security certificates provide an indication whether a site is legitimate. This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing.

Check Content

This setting is applicable starting with v1809 of Windows 10; it is NA for prior versions. Windows 10 LTSC\B versions do not include Microsoft Edge; this is NA for those systems. If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings\ Value Name: PreventCertErrorOverrides Type: REG_DWORD Value: 0x00000001 (1)

Fix Text

Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Edge >> "Prevent certificate error overrides" to "Enabled".

Additional Identifiers

Rule ID: SV-220842r569187_rule

Vulnerability ID: V-220842

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.