Check: WINER-000008
Windows Vista STIG:
WINER-000008
(in versions v6 r42 through v6 r41)
Title
The system must be configured to use SSL to forward error reports. (Cat II impact)
Discussion
The use of SSL enables the secure forwarding of error reporting data from local systems to a reporting site.
Check Content
This requirement is NA if Windows Error Reporting is not configured to forward reports to a collection server (see V-57457). If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ Value Name: CorporateWerUseSSL Type: REG_DWORD Value: 1
Fix Text
This requirement is NA if Windows Error Reporting is not configured to forward reports to a collection server (see V-57457). Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Error Reporting -> Advanced Error Reporting Settings -> "Configure Corporate Windows Error Reporting" to "Enabled" with "Connect using SSL" selected.
Additional Identifiers
Rule ID: SV-71871r1_rule
Vulnerability ID: V-57459
Group Title: WINER-000008
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002418 |
The information system protects the confidentiality and/or integrity of transmitted information. |
| CCI-002421 |
The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards. |