ISM-1486 – Technical Resolution Guidance

What is ISM-1486?

Web browsers do not process Java from the internet.

Background

Modern browsers have phased out support for Java applets. Historically, Java applets were small Java-based programs embedded within websites. As web technologies evolved, browsers discontinued support for these applets for various reasons.

Applicability

This control is relevant to the following:

  • Maturity Level 1, 2, and 3 Controls

Evaluation Results

Status | Description
Effective | Current browsers are installed or policies are correctly implemented.
Ineffective | Out-of-date browsers are installed, and the appropriate policies are not applied.
Not Applicable | Either no browser is installed, or the test does not apply to the device.

Testing Parameters

Java is not included by default in Windows 10 or 11. If Java is installed, the SecurE8 Auditor checks the following configurations:

Policies/Description | Registry Key | Value
Oracle Java | HKLM:\SOFTWARE\Oracle\JavaDeploy\WebDeployJava | disabled
Internet Explorer | HKLM:\SOFTWARE\JavaSoft\Java Plug-in\UseJava2IExplorer | <> 1
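
The two registry checks listed above can be reproduced with a short read-only PowerShell audit. This is an added example, not the SecurE8 Auditor's own code; the function names, the rule that Java counts as installed when either vendor key exists, and the scan of per-version subkeys under "Java Plug-in" are assumptions of the example.

```powershell
# Added example: read-only audit of the two registry settings in Testing Parameters.
# Assumption: Java is treated as "installed" when either vendor key exists.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent, instead of throwing.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-Ism1486 {
    $deployKey = 'HKLM:\SOFTWARE\Oracle\JavaDeploy'
    $pluginKey = 'HKLM:\SOFTWARE\JavaSoft\Java Plug-in'
    $findings  = @()

    if (Test-Path -LiteralPath $deployKey) {
        $v = Get-RegValue -Path $deployKey -Name 'WebDeployJava'
        $findings += [pscustomobject]@{
            Check = 'Oracle Java'; Path = $deployKey; Value = $v
            Pass  = ($v -eq 'disabled')   # a missing value fails this check
        }
    }
    if (Test-Path -LiteralPath $pluginKey) {
        # Assumption: the value may sit on the key itself or on a per-version subkey.
        $keys = @($pluginKey) + @(Get-ChildItem -LiteralPath $pluginKey | ForEach-Object { $_.PSPath })
        foreach ($k in $keys) {
            $v = Get-RegValue -Path $k -Name 'UseJava2IExplorer'
            $findings += [pscustomobject]@{
                Check = 'Internet Explorer'; Path = $k; Value = $v
                Pass  = ($v -ne 1)        # table condition "<> 1"; an absent value passes
            }
        }
    }

    if ($findings.Count -eq 0) { $status = 'Not Applicable' }
    elseif ($findings.Pass -contains $false) { $status = 'Ineffective' }
    else { $status = 'Effective' }
    [pscustomobject]@{ Control = 'ISM-1486'; Status = $status; Findings = $findings }
}

$result = Test-Ism1486
$result.Status
$result.Findings | Format-Table -AutoSize
```

The script only reads HKLM and changes nothing, so it can be run before and after remediation to confirm that the status moves from Ineffective to Effective.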

Remediation Steps

For Java Web Deploy Method: Modify the registry value “WebDeployJava” to “disable”.

For Internet Explorer: Either remove or disable IE, and ensure the registry value “UseJava2IExplorer” is set to 0 if applicable.

Validation Process

Validation involves reviewing browser documentation, running tests across various browsers, and confirming that Java applet support has been successfully discontinued.

Risk Consideration

Implementing this control will enhance security and performance but may lead to compatibility issues with legacy systems reliant on Java applets.