Windows 10 must be configured to prevent certificate error overrides in Microsoft Edge.

STIG ID: WN10-CC-000238  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-220842 | 

Vulnerability Discussion

Web security certificates provide an indication whether a site is legitimate. This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing.

Check

This setting is applicable starting with v1809 of Windows 10; it is NA for prior versions.

Windows 10 LTSC\B versions do not include Microsoft Edge; this is NA for those systems.

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings\

Value Name: PreventCertErrorOverrides

Type: REG_DWORD
Value: 0x00000001 (1)

Fix

Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Edge >> "Prevent certificate error overrides" to "Enabled".
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.