Title

Trusted app installation must be enabled to allow for signed enterprise line of business apps. (Cat III impact)

Discussion

Enabling trusted app installation allows for enterprise line of business Windows 8 type apps. A trusted app package is one that is signed with a certificate chain that can be successfully validated in the enterprise. Configuring this ensures enterprise line of business apps are accessible.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Windows\Appx\ Value Name: AllowAllTrustedApps Type: REG_DWORD Value: 1

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> App Package Deployment -> "Allow all trusted apps to install" to "Enabled".

Additional Identifiers

Rule ID: SV-225362r569185_rule

Vulnerability ID: V-225362

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.