Back

Configure the "Prevent ignoring certificate errors" setting in limited functionality environments properly.


CONTROL ID
04411
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting prevents users from viewing Web sites whose SSL/TLS certificates have errors, such as "expired," "revoked," or "name mismatch." For Enterprise Client environments, the Internet Control Panel\Prevent Ignoring Certificate Errors setting is Not Configured. For Specialized Security - Limite… (Pg 103, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Prevent Ignoing Certificate Errors" setting should be configured correctly. (oval:gov.nist.fdcc.ie7:def:655, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Prevent ignoring certificate errors - Local Computer (prevent_ignoring_certificate_errors_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)