Configure the "Prevent ignoring certificate errors" to organizational standards.

Back

CONTROL ID
07924

CONTROL TYPE
Configuration

CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards., CC ID: 07621

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

Configure the "Prevent ignoring certificate errors" setting to "Enabled". (E61D6D28-D821-4009-8BD1-7137AD54F113, IE10 Computer Security Compliance, 1.0)
Configure the "Prevent ignoring certificate errors" setting to "Enabled". (12334D0A-1E65-418D-A9CA-0950EE5A6AD2, IE8 Computer Security Compliance, 1.0)
Configure the "Prevent ignoring certificate errors" setting to "Enabled". (94BEE617-55F7-49DA-B041-AC30247B004D, IE9 Computer Security Compliance, 1.0)
Title: Set 'Prevent ignoring certificate errors' to 'Enabled' Description: When a user experiences Secure Socket Layer/Transport Layer Security (SSL/TLS) certificate errors such as "expired," "revoked," or "name mismatch," Internet Explorer blocks the user's ability to continue browsing the Web … (Rule:xccdf_org.cisecurity.benchmarks_rule_5.5_Set_Prevent_ignoring_certificate_errors_to_Enabled Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_5.5.1_, The Center for Internet Security Microsoft Internet Explorer 10 Level 1 Benchmark, 1.0.0)
Title: Set 'Prevent ignoring certificate errors' to 'Enabled' Description: When a user experiences Secure Socket Layer/Transport Layer Security (SSL/TLS) certificate errors such as "expired," "revoked," or "name mismatch," Internet Explorer blocks the user's ability to continue browsing the Web … (Rule:xccdf_org.cisecurity.benchmarks_rule_5.5_Set_Prevent_ignoring_certificate_errors_to_Enabled Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_5.5.2_, The Center for Internet Security Microsoft Internet Explorer 10 Level 1 Benchmark, 1.0.0)
The "Prevent Ignoing Certificate Errors" setting should be configured correctly. Technical Mechanisms: Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Window… (CCE-4199-6, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
The "Prevent ignoring certificate errors" machine setting should be configured correctly. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors (2) Registry Key: HKEY_LOCAL_MACH… (CCE-10436-4, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
The "Prevent ignoring certificate errors" current user setting should be configured correctly. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors HKEY_CURRENT_USER\Software\Policies\Micros… (CCE-15803-0, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)