Back

Configure the "Java permissions" setting in limited functionality environments properly.


CONTROL ID
04430
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Java content should be prevented from automatically installing on a computer when a website is visited. (ยง 3.5.43, Australian Government ICT Security Manual (ACSI 33))
  • This setting determines the permissions for Java applets. For Enterprise Client environments, the Java Permissions setting is Not Configured. For Specialized Security - Limited Functionality environments, this setting should be set to Enabled:Disable Java. This setting is applicable to the Internet … (Pg 112, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
  • The "Java permissions" setting should be configured correctly for the Internet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet … (CCE-3963-6, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Java permissions" setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/R… (CCE-3996-6, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Java permissions" setting should be configured correctly for the Locked Down Intranet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Pa… (CCE-3754-9, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Java permissions" setting should be configured correctly for the Local Machine Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Loca… (CCE-3891-9, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Java permissions" setting should be configured correctly for the Locked Down Local Machine Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Securi… (CCE-4160-8, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Java permissions" setting should be configured correctly for the Intranet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet … (CCE-4652-4, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Java permissions" setting should be configured correctly for the Locked Down Internet Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Pa… (CCE-4692-0, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Java permissions" setting should be configured correctly for the Locked Down Restricted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Sec… (CCE-3902-4, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Java permissions" setting should be configured correctly for the Locked Down Trusted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Securi… (CCE-4564-1, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Java permissions" setting should be configured correctly for the Trusted Sites Zone. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trus… (CCE-4845-4, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
  • The "Java permissions" machine setting should be configured correctly for the Internet Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Java permissions (2) Registry Key: HKE… (CCE-10182-4, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Java permissions" machine setting should be configured correctly for the Restricted Sites Zone. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Java permissions (2) R… (CCE-10620-3, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Java permissions" machine setting should be configured correctly for the Intranet Zone. Technical Mechanisms: (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Java permissions (2) Registry … (CCE-10566-8, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Java permissions" machine setting should be configured correctly for the Local Machine Zone. Technical Mechanisms: (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Java permissions (2)… (CCE-10319-2, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Java permissions" machine setting should be configured correctly for the Locked-Down Internet Zone. Technical Mechanisms: (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Java p… (CCE-10597-3, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Java permissions" machine setting should be configured correctly for the Locked-Down Intranet Zone. Technical Mechanisms: (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Java p… (CCE-10342-4, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Java permissions" machine setting should be configured correctly for the Locked-Down Local Machine Zone. Technical Mechanisms: (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Z… (CCE-10535-3, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Java permissions" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. Technical Mechanisms: (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted S… (CCE-10275-6, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Java permissions" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. Technical Mechanisms: (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Z… (CCE-10654-2, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • The "Java permissions" machine setting should be configured correctly for the Trusted Sites Zone. Technical Mechanisms: (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Java permissions (2)… (CCE-10696-3, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
  • Disable Java in the Java Permissions setting for limited functionality environments (oval:gov.nist.fdcc.ie7:def:1174, oval:gov.nist.fdcc.ie7:def:824, oval:gov.nist.fdcc.ie7:def:2039, oval:gov.nist.fdcc.ie7:def:1422, oval:gov.nist.fdcc.ie7:def:1986, oval:gov.nist.fdcc.ie7:def:1883, oval:gov.nist.fdcc.ie7:def:1419, oval:gov.nist.fdcc.ie7:def:1753, oval:gov.nist.fdcc.ie7:def:1699, oval:gov.nist.fdcc.ie7:def:1379, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
  • Java permissions - Internet Zone - Local Computer (java_permissions_internet_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Java permissions - Restricted Sites Zone - Local Computer (java_permissions_RestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Java permissions - Locked Down Intranet Zone - Local Computer (java_permissions_LockedDownintranet_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Java permissions - Local Machine Zone - Local Computer (java_permissions_local_machine_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Java permissions - Locked Down Local Machine - Local Computer (java_permissions_LockedDownlocal_machine_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Java permissions - Intranet Zone - Local Computer (java_permissions_intranet_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Java permissions - Locked Down Internet Zone - Local Computer (java_permissions_locked_down_internet_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Java permissions - Locked Down Restricted Sites Zone - Local Computer (java_permissions_LockedDownRestrictedSitesZone_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Java permissions - Locked Down Trusted Sites Zone - Local Computer (java_permissions_LockedDowntrusted_sites_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • Java permissions - Trusted Sites Zone - Local Computer (java_permissions_trusted_sites_zone_local_computer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_java_permissions_LockedDowntrusted_sites_zone_local_computer, oval:gov.nist.USGCB.ie7:def:1699, oval:gov.nist.USGCB.ie7:tst:3183, oval:gov.nist.USGCB.ie7:obj:2679, oval:gov.nist.USGCB.ie7:ste:3493, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_java_permissions_LockedDownRestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:1753, oval:gov.nist.USGCB.ie7:tst:3254, oval:gov.nist.USGCB.ie7:obj:2519, oval:gov.nist.USGCB.ie7:ste:3546, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_java_permissions_trusted_sites_zone_local_computer, oval:gov.nist.USGCB.ie7:def:1379, oval:gov.nist.USGCB.ie7:tst:3282, oval:gov.nist.USGCB.ie7:obj:2754, oval:gov.nist.USGCB.ie7:ste:3295, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_java_permissions_LockedDownlocal_machine_zone_local_computer, oval:gov.nist.USGCB.ie7:def:1986, oval:gov.nist.USGCB.ie7:tst:3344, oval:gov.nist.USGCB.ie7:obj:2645, oval:gov.nist.USGCB.ie7:ste:3375, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_java_permissions_local_machine_zone_local_computer, oval:gov.nist.USGCB.ie7:def:1422, oval:gov.nist.USGCB.ie7:tst:3590, oval:gov.nist.USGCB.ie7:obj:2129, oval:gov.nist.USGCB.ie7:ste:3489, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_java_permissions_intranet_zone_local_computer, oval:gov.nist.USGCB.ie7:def:1883, oval:gov.nist.USGCB.ie7:tst:3638, oval:gov.nist.USGCB.ie7:obj:2241, oval:gov.nist.USGCB.ie7:ste:3007, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_java_permissions_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie7:def:824, oval:gov.nist.USGCB.ie7:tst:3751, oval:gov.nist.USGCB.ie7:obj:35, oval:gov.nist.USGCB.ie7:ste:3340, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_java_permissions_internet_zone_local_computer, oval:gov.nist.USGCB.ie7:def:1174, oval:gov.nist.USGCB.ie7:tst:3813, oval:gov.nist.USGCB.ie7:obj:20, oval:gov.nist.USGCB.ie7:ste:3267, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_java_permissions_locked_down_internet_zone_local_computer, oval:gov.nist.USGCB.ie7:def:1419, oval:gov.nist.USGCB.ie7:tst:3872, oval:gov.nist.USGCB.ie7:obj:2580, oval:gov.nist.USGCB.ie7:ste:3087, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_java_permissions_LockedDownintranet_zone_local_computer, oval:gov.nist.USGCB.ie7:def:2039, oval:gov.nist.USGCB.ie7:tst:4084, oval:gov.nist.USGCB.ie7:obj:2741, oval:gov.nist.USGCB.ie7:ste:3803, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_JavaPermissions_InternetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31029, oval:gov.nist.USGCB.ie8:tst:31029, oval:gov.nist.USGCB.ie8:obj:31029, oval:gov.nist.USGCB.ie8:ste:31029, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_JavaPermissions_IntranetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31043, oval:gov.nist.USGCB.ie8:tst:31043, oval:gov.nist.USGCB.ie8:obj:31043, oval:gov.nist.USGCB.ie8:ste:31043, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_JavaPermissions_LocalMachineZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31044, oval:gov.nist.USGCB.ie8:tst:31044, oval:gov.nist.USGCB.ie8:obj:31044, oval:gov.nist.USGCB.ie8:ste:31044, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_JavaPermissions_LockedDownInternetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31046, oval:gov.nist.USGCB.ie8:tst:31046, oval:gov.nist.USGCB.ie8:obj:31046, oval:gov.nist.USGCB.ie8:ste:31046, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_JavaPermissions_LockedDownIntranetZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31047, oval:gov.nist.USGCB.ie8:tst:31047, oval:gov.nist.USGCB.ie8:obj:31047, oval:gov.nist.USGCB.ie8:ste:31047, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_JavaPermissions_LockedDownLocalMachineZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31048, oval:gov.nist.USGCB.ie8:tst:31048, oval:gov.nist.USGCB.ie8:obj:31048, oval:gov.nist.USGCB.ie8:ste:31048, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_JavaPermissions_LockedDownRestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31049, oval:gov.nist.USGCB.ie8:tst:31049, oval:gov.nist.USGCB.ie8:obj:31049, oval:gov.nist.USGCB.ie8:ste:31049, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_JavaPermissions_LockedDownTrustedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31050, oval:gov.nist.USGCB.ie8:tst:31050, oval:gov.nist.USGCB.ie8:obj:31050, oval:gov.nist.USGCB.ie8:ste:31050, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_JavaPermissions_RestrictedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31067, oval:gov.nist.USGCB.ie8:tst:31067, oval:gov.nist.USGCB.ie8:obj:31067, oval:gov.nist.USGCB.ie8:ste:31067, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
  • This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. (xccdf_gov.nist_rule_JavaPermissions_TrustedSitesZone_LocalComputer, oval:gov.nist.USGCB.ie8:def:31084, oval:gov.nist.USGCB.ie8:tst:31084, oval:gov.nist.USGCB.ie8:obj:31084, oval:gov.nist.USGCB.ie8:ste:31084, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)