ISM-1486 – Technical Resolution Guidance
What is ISM-1486?
Web browsers do not process Java from the internet.
Background
Modern browsers have phased out support for Java applets. Historically, Java applets were small Java-based programs embedded within websites. As web technologies evolved, browsers discontinued support for these applets for various reasons.
Applicability
This control is relevant to the following:
- Maturity Level 1, 2, and 3 Controls
Evaluation Results
Status | Description |
---|---|
Effective | Current browsers are installed or policies are correctly implemented. |
Ineffective | Out-of-date browsers are installed, and the appropriate policies are not applied. |
Not Applicable | Either no browser is installed, or the test does not apply to the device. |
Testing Parameters
Java is not included by default in Windows 10 or 11. If Java is installed, the SecurE8 Auditor checks the following configurations:
Policies/Description | Registry Key | Value |
---|---|---|
Oracle Java | HKLM:\SOFTWARE\Oracle\JavaDeploy\WebDeployJava | disabled |
Internet Explorer | HKLM:\SOFTWARE\JavaSoft\Java Plug-in\UseJava2IExplorer | <> 1 |
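The two registry checks in the table above can be reproduced with a read-only PowerShell script. This is an added example, not the SecurE8 Auditor's own code. It assumes the last segment of each path in the table is the value name, and its mapping to the Effective / Ineffective / Not Applicable statuses is an assumption that covers only these registry values, not browser versions.

```powershell
# Added example: read-only check of the two values in the Testing Parameters table.
# Assumption: the last segment of each table path is the value name under that key.
$checks = @(
    @{ Policy = 'Oracle Java'
       Key    = 'HKLM:\SOFTWARE\Oracle\JavaDeploy'
       Name   = 'WebDeployJava'
       Pass   = { param($v) $v -eq 'disabled' } },
    @{ Policy = 'Internet Explorer'
       Key    = 'HKLM:\SOFTWARE\JavaSoft\Java Plug-in'
       Name   = 'UseJava2IExplorer'
       Pass   = { param($v) $v -ne 1 } }
)

function Get-RegValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or the value is absent.
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$results = foreach ($c in $checks) {
    $present = Test-Path -LiteralPath $c.Key
    $current = Get-RegValue -Key $c.Key -Name $c.Name
    $ok = $null
    # A key that is absent is treated as "Java component not installed" (assumption).
    if ($present) { $ok = [bool](& $c.Pass $current) }
    [pscustomobject]@{
        Policy = $c.Policy; KeyPresent = $present; Current = $current; Compliant = $ok
    }
}

# Assumed status mapping: no keys present -> Not Applicable; any failing value -> Ineffective.
$inScope = @($results | Where-Object { $_.KeyPresent })
$failed  = @($inScope | Where-Object { -not $_.Compliant })
if ($inScope.Count -eq 0) {
    $status = 'Not Applicable'
} elseif ($failed.Count -eq 0) {
    $status = 'Effective'
} else {
    $status = 'Ineffective'
}

$results | Format-Table -AutoSize
"ISM-1486 registry check: $status"
```

A missing UseJava2IExplorer value passes the "<> 1" test in this sketch, while a missing WebDeployJava value under an existing JavaDeploy key is reported as non-compliant.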
Remediation Steps
For Java Web Deploy Method: Modify the registry value “WebDeployJava” to “disable”.
For Internet Explorer: Either remove or disable IE, and ensure the registry value “UseJava2IExplorer” is set to 0 if applicable.
Validation Process
Validation involves reviewing browser documentation, running tests across various browsers, and confirming that Java applet support has been successfully discontinued.
Risk Consideration
Implementing this control will enhance security and performance but may lead to compatibility issues with legacy systems reliant on Java applets.