Back

Configure the "Check for server certificate revocation" setting in limited functionality environments properly.


CONTROL ID
04413
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • This setting determines if Internet Explorer checks server certificates to see if they have been revoked. Certificates are revoked if they are no longer valid or have been compromised. This will prevent users from submitting data to a site that may be fraudulent or may not be secure. For Enterprise … (Pg 105, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Check for Server Certificate Revocation" setting should be configured correctly. (oval:gov.nist.fdcc.ie7:def:172, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Check for Server Certificate Revocation - Local Computer (CheckServerCertificateRevocation_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)