DTBI018-IE11 - Check for publishers certificate revocation must be enforced.

Information

Check for publisher's certificate revocation options should be enforced to ensure all PKI signed objects are validated.

Satisfies: SRG-APP-000605

Solution

If the system is on the SIPRNet, this requirement is NA.

Open Internet Explorer.
From the menu bar, select 'Tools'.
From the 'Tools' drop-down menu, select 'Internet Options'. From the 'Internet Options' window, select the 'Advanced' tab from the 'Advanced' tab window, scroll down to the 'Security' category, and select the 'Check for publisher's certificate revocation' box.

Note: Manual entry in the registry key:

HKCU\Software\Microsoft\Windows\Current Version\WinTrust\Trust Providers\Software Publishing for the value 'State', set to 'REG_DWORD = 23C00', may first be required.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IE11_V2R5_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(a), CAT|III, CCI|CCI-000185, Rule-ID|SV-223016r879612_rule, STIG-ID|DTBI018-IE11, STIG-Legacy|SV-59341, STIG-Legacy|V-46477, Vuln-ID|V-223016

Plugin: Windows

Control ID: 6dff1398d374f4d94b0e52052d76a29563094acf02e7a8fe27e95fdb63ed0791