[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-42112-3

Platform: cpe:/o:microsoft:windows_10Date: (C)2016-09-23   (M)2023-07-04



Disable: 'Validate smart card certificate usage rule compliance' for CertificateOID This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker. The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting. Default object identifier is 1.3.6.1.4.1.311.67.1.1 Note: BitLocker does not require that a certificate have an EKU attribute, but if one is configured for the certificate it must be set to an object identifier (OID) that matches the OID configured for BitLocker. If you enable this policy setting, the object identifier specified in the "Object identifier" box must match the object identifier in the smart card certificate. If you disable or do not configure this policy setting, a default object identifier is used. Counter Measure: Enable this policy setting and ensure that the object identifier specified in the "Object identifier" box matches the object identifier in the smart card certificate. Potential Impact: If you enable this policy setting, the object identifier specified in the "Object identifier" box must match the object identifier in the smart card certificate. If you disable or do not configure this policy setting, a default object identifier is used."


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive EncryptionValidate smart card certificate usage rule compliance (2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftFVECertificateOID

CCSS Severity:CCSS Metrics:
CCSS Score : 6.4Attack Vector: PHYSICAL
Exploit Score: 0.5Attack Complexity: HIGH
Impact Score: 5.9Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:35058


OVAL    1
oval:org.secpod.oval:def:35058
XCCDF    3
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_10
xccdf_org.secpod_benchmark_PCI_3_2_Windows_10
xccdf_org.secpod_benchmark_general_Windows_10

© SecPod Technologies