1.1.22 Ensure 'Allow users to proceed from the HTTPS warning page' is set to 'Disabled'

Information

This policy setting controls whether a user is able to proceed to a webpage when an invalid SSL certificate warning has occurred.

The recommended state for this setting is: Disabled.

Rationale:

Sites protected by SSL should always be recognized as valid in the web browser. Allowing a user to decide whether to proceed past what appears to be an invalid certificate could expose an organization to users visiting a site that is not secure or is malicious in nature.

Impact:

Users will not be able to click past the invalid certificate error to view the website.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Allow users to proceed from the HTTPS warning page

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml, which can be downloaded from Microsoft.

Default Value:

Enabled.

See Also

https://workbench.cisecurity.org/files/3907

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4(8), CSCv7|7.4

Plugin: Windows

Control ID: ac8938ba496f961bd2447fdf427b5336fea8091eadd8e38682bed9f446986104