STIGQter STIGQter: STIG Summary: Java Runtime Environment (JRE) version 8 STIG for Windows Version: 1 Release: 5 Benchmark Date: 26 Jan 2018: Oracle JRE 8 must disable the dialog enabling users to grant permissions to execute signed content from an untrusted authority.

DISA Rule

SV-81439r2_rule

Vulnerability Number

V-66949

Group Title

SRG-APP-000112

Rule Version

JRE8-WN-000080

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the system is on the SIPRNet, this requirement is NA.

Disable the "Allow user to grant permissions to content from an untrusted authority" feature.

Navigate to the system-level "deployment.properties" file for JRE.

Add the key "deployment.security.askgrantdialog.notinca=false" to the "deployment.properties" file.

Add the key "deployment.security.askgrantdialog.notinca.locked" to the "deployment.properties" file.

Check Contents

If the system is on the SIPRNet, this requirement is NA.

Navigate to the system-level "deployment.properties" file for Java.

<Windows Directory>\Sun\Java\Deployment\deployment.properties
- or -
<JRE Installation Directory>\Lib\deployment.properties

If the key "deployment.security.askgrantdialog.notinca=false" is not present, this is a finding.

If the key "deployment.security.askgrantdialog.notinca.locked" is not present, this is a finding.

If the key "deployment.security.askgrantdialog.notinca" exists and is set to "true", this is a finding.

Vulnerability Number

V-66949

Documentable

False

Rule Version

JRE8-WN-000080

Severity Override Guidance

If the system is on the SIPRNet, this requirement is NA.

Navigate to the system-level "deployment.properties" file for Java.

<Windows Directory>\Sun\Java\Deployment\deployment.properties
- or -
<JRE Installation Directory>\Lib\deployment.properties

If the key "deployment.security.askgrantdialog.notinca=false" is not present, this is a finding.

If the key "deployment.security.askgrantdialog.notinca.locked" is not present, this is a finding.

If the key "deployment.security.askgrantdialog.notinca" exists and is set to "true", this is a finding.

Check Content Reference

M

Target Key

3045

Comments