JRE8-WN-000060 - Oracle JRE 8 must default to the most secure built-in setting - deployment.security.level.locked

Information

Applications that are signed with a valid certificate and include the permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. All other applications are blocked. Unsigned applications could perform numerous types of attacks on a system.

Solution

Navigate to the system-level 'deployment.properties' file for JRE.

Add the key 'deployment.security.level=VERY_HIGH' to the 'deployment.properties' file.

Add the key 'deployment.security.level.locked' to the 'deployment.properties' file.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_JRE_Windows_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Rule-ID|SV-234686r617446_rule, STIG-ID|JRE8-WN-000060, STIG-Legacy|SV-81435, STIG-Legacy|V-66945, Vuln-ID|V-234686

Plugin: Windows

Control ID: d82d509d9ec26301855526dacce23a9484538b222ad6d30c01910dc43613f330