kriterion 0.0.1

data/standards/stig_java_runtime_environment_jre_6_unix.json

@@ -0,0 +1,65 @@
+{
+  "name": "stig_java_runtime_environment_jre_6_unix",
+  "date": "2012-07-23",
+  "description": "The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets.  Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.",
+  "title": "Java Runtime Environment (JRE) 6 STIG for UNIX",
+  "version": "1",
+  "item_syntax": "^\\w-\\d+$",
+  "section_separator": null,
+  "items": [
+    {
+      "id": "V-32828",
+      "title": "The dialog to enable users to grant permissions to execute signed content from an un-trusted authority must be disabled. \n",
+      "description": "Java applets exist both signed and unsigned.  Even for signed applets, there can be many sources, some of which may be purveyors of malware.  Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources.  Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service.  \nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32829",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be locked. ",
+      "description": "Java applets exist both signed and unsigned. Even for signed applets, there can be many sources, some of which may be purveyors of malware. Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources. Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service.\n \nEnsuring users cannot change settings, contributes to a more consistent security profile. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32830",
+      "title": "The dialog to enable users to check publisher certificates for revocation must be enabled. \n",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32831",
+      "title": "The option to enable users to check publisher certificates for revocation must be locked. \n",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32832",
+      "title": "The option to enable online certificate validation must be enabled. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32833",
+      "title": "The option to enable online certificate validation must be locked. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32842",
+      "title": "The configuration file must contain proper keys and values to deploy settings correctly. \n",
+      "description": "This configuration file must hold values of the location of the deployment.properties file as well as the enforcement of these properties.  Without a proper path for the properties file, deployment would not be possible.  If the path specified does not lead to a properties file the value of the 'deployment.system.config. mandatory' key determines how to handle the situation.  If the value of this key is true, JRE will not run if the path to the properties file is invalid. \nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32901",
+      "title": "A configuration file must be present to deploy properties for JRE. \n",
+      "description": "The deployment.config file is used for specifying the location and execution of system-level properties for the Java Runtime Environment.  By default no deployment.config file exists; thus, no system-wide deployment.properties file exists.  Without the deployment.config file, setting particular options for the Java control panel is impossible.\n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32902",
+      "title": "A properties file must be present to hold all the keys that establish properties within the Java control panel. \n",
+      "description": "The deployment.properties file is used for specifying keys for the Java Runtime Environment. Each option in the Java control panel is represented by property keys. These keys adjust the options in the Java control panel based on the value assigned to that key. By default no deployment.properties file exists; thus, no system-wide deployment exists. Without the deployment.properties file, setting particular options for the Java control panel is impossible. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    }
+  ]
+}

data/standards/stig_java_runtime_environment_jre_6_win7.json

@@ -0,0 +1,65 @@
+{
+  "name": "stig_java_runtime_environment_jre_6_win7",
+  "date": "2012-07-23",
+  "description": "The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets.  Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.",
+  "title": "Java Runtime Environment (JRE) 6 STIG for Win7",
+  "version": "1",
+  "item_syntax": "^\\w-\\d+$",
+  "section_separator": null,
+  "items": [
+    {
+      "id": "V-32828",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be disabled. ",
+      "description": "Java applets exist both signed and unsigned.  Even for signed applets, there can be many sources, some of which may be purveyors of malware.  Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources.  Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service.  ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32829",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be locked. ",
+      "description": "Java applets exist both signed and unsigned. Even for signed applets, there can be many sources, some of which may be purveyors of malware. Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources. Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32830",
+      "title": "The dialog to enable users to check publisher certificates for revocation must be enabled. \n",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32831",
+      "title": "The option to enable users to check publisher certificates for revocation must be locked. ",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32832",
+      "title": "The option to enable online certificate validation must be enabled. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate.  When enabled, if a certificate is presented, the status of the certificate is requested.  The status is sent back as 'current', 'expired', or 'unknown'.  Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet.   Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32833",
+      "title": "The option to enable online certificate validation must be locked. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32842",
+      "title": "The configuration file must contain proper keys and values to deploy settings correctly. ",
+      "description": "This configuration file must hold values of the location of the deployment.properties file, as well as the enforcement of these properties. Without a proper path for the properties file, deployment would not be possible. If the path specified does not lead to a properties file the value of the 'deployment.system.config. mandatory' key determines how to handle the situation. If the value of this key is true, JRE will not run if the path to the properties file is invalid. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32901",
+      "title": "A configuration file must be present to deploy properties for JRE. ",
+      "description": "The deployment.config file is used for specifying the location and execution of system-level properties for the Java Runtime Environment.  By default no deployment.config file exists; thus, no system-wide deployment.properties file exists.  64-bit systems require two copies of the file, one for the 64-bit JRE and the other for the 32-bit JRE.  Without the deployment.config file, setting particular options for the Java control panel is impossible. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32902",
+      "title": "A properties file must be present to hold all the keys that establish properties within the Java control panel. ",
+      "description": "The deployment.properties file is used for specifying keys for the Java Runtime Environment.  Each option in the Java control panel is represented by property keys. These keys adjust the options in the Java control panel based on the value assigned to that key.  By default no deployment.properties file exists; thus, no system-wide deployment exists.  Without the deployment.properties file, setting particular options for the Java control panel is impossible.  ",
+      "severity": "medium"
+    }
+  ]
+}

data/standards/stig_java_runtime_environment_jre_6_windows_xp.json

@@ -0,0 +1,77 @@
+{
+  "name": "stig_java_runtime_environment_jre_6_windows_xp",
+  "date": "2014-10-05",
+  "description": "The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets.  Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.\nGuidance placed on sunset list 10/24/2014.  XP OS no longer supported by vendor.",
+  "title": "Java Runtime Environment (JRE) 6 STIG for Windows XP",
+  "version": "1",
+  "item_syntax": "^\\w-\\d+$",
+  "section_separator": null,
+  "items": [
+    {
+      "id": "V-32828",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be disabled. ",
+      "description": "Java applets exist in both signed and unsigned forms.  Although signed applets allow for authentication of the author in order to establish trust, even signed applets can potentially contain malware.  Applet sources considered trusted will normally have their certificate information populated into the browser.  This enables Java to validate applets against trusted sources automatically.  Permitting users to grant execution permissions to Java applets signed by un-trusted authorities may result in malware executing on the system. This risks system confidentiality, integrity and availability.  ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32829",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be locked. ",
+      "description": "Java applets exist in both signed and unsigned forms.  Although signed applets allow for authentication of the author in order to establish trust, even signed applets can potentially contain malware.  Applet sources considered trusted will normally have their certificate information populated into the browser.  This enables Java to validate applets against trusted sources automatically.  Permitting users to grant execution permissions to Java applets signed by un-trusted authorities may result in malware executing on the system. This risks system confidentiality, integrity and availability.  This option must be locked so the user cannot make changes.\n\nEnsuring users cannot change settings contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32830",
+      "title": "The dialog to enable users to check publisher certificates for revocation must be enabled. \n",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32831",
+      "title": "The option to enable users to check publisher certificates for revocation must be locked. \n",
+      "description": "Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found revoked on a CRL or via Online Certificate Status Protocol (OCSP) should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service.\n \nEnsuring users cannot change these settings assures a more consistent security profile.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32832",
+      "title": "The option to enable online certificate validation must be enabled. \n",
+      "description": "Online certificate validation provides a real-time option to validate a certificate.  When enabled, if a certificate is presented, the status of the certificate is requested.  The status is sent back as 'current', 'expired', or 'unknown'.  Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet.   Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32833",
+      "title": "The option to enable online certificate validation must be locked. \n",
+      "description": "Online certificate validation provides a real-time option to validate a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32842",
+      "title": "The configuration file must contain proper keys and values to deploy settings correctly. ",
+      "description": "The deployment.config file is used to specify the location of the deployment.properties file and for controlling the launch of the JRE runtime.  By default, these two files do not exist, they must both be created.  \n\nWithout a proper path to the deployment.properties file, deployment settings will fail.  If the path specified in deployment.config does not lead to a deployment.properties file, then the value of the 'deployment.system.config.mandatory' key contained in deployment.config will determine how to handle the situation.  If the value of this key is true, JRE will not run if the path to the properties file is invalid. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32901",
+      "title": "A configuration file must be present to deploy properties for JRE. ",
+      "description": "The deployment.config file is used for specifying the location and execution of system-level properties for the Java Runtime Environment.  By default no deployment.config file exists; thus, no system-wide deployment.properties file exists.  64-bit systems require two copies of the file, one for the 64-bit JRE and the other for the 32-bit JRE.  Without the deployment.config file, setting particular options for the Java control panel is impossible.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32902",
+      "title": "A properties file must be present to hold all the keys that establish properties within the Java control panel. ",
+      "description": "The deployment.properties file is used for specifying keys for the Java Runtime Environment.  Each option in the Java control panel is represented by property keys. These keys adjust the options in the Java control panel based on the value assigned to that key.  By default no deployment.properties file exists; thus, no system-wide deployment exists.  Without the deployment.properties file, setting particular options for the Java control panel is impossible.  ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-39239",
+      "title": "The version of the JRE running on the system must be the most current available.",
+      "description": "The JRE is being continually updated by the vendor in order to address identified security vulnerabilities.  Running an older version of the JRE can introduce security vulnerabilities to the system.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-54383",
+      "title": "The Java Runtime Environment (JRE) must not be installed on an unsupported operating system.",
+      "description": "Security updates are the standard method for addressing discovered vulnerabilities.  The operating system platform the JRE is installed on must be supported for security updates or the OS becomes a threat vector that can negatively impact the JRE.  Organizations must run the JRE on a supported OS version to ensure security updates are available and to mitigate threats to the JRE.",
+      "severity": "high"
+    }
+  ]
+}

data/standards/stig_java_runtime_environment_jre_6_winxp.json

@@ -0,0 +1,65 @@
+{
+  "name": "stig_java_runtime_environment_jre_6_winxp",
+  "date": "2012-07-23",
+  "description": "The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets.  Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.",
+  "title": "Java Runtime Environment (JRE) 6 STIG for WinXP",
+  "version": "1",
+  "item_syntax": "^\\w-\\d+$",
+  "section_separator": null,
+  "items": [
+    {
+      "id": "V-32828",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be disabled. ",
+      "description": "Java applets exist both signed and unsigned.  Even for signed applets, there can be many sources, some of which may be purveyors of malware.  Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources.  Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service.  ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32829",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be locked. ",
+      "description": "Java applets exist both signed and unsigned. Even for signed applets, there can be many sources, some of which may be purveyors of malware. Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources. Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32830",
+      "title": "The dialog to enable users to check publisher certificates for revocation must be enabled. \n",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32831",
+      "title": "The option to enable users to check publisher certificates for revocation must be locked. \n",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32832",
+      "title": "The option to enable online certificate validation must be enabled. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate.  When enabled, if a certificate is presented, the status of the certificate is requested.  The status is sent back as 'current', 'expired', or 'unknown'.  Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet.   Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32833",
+      "title": "The option to enable online certificate validation must be locked. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32842",
+      "title": "The configuration file must contain proper keys and values to deploy settings correctly. ",
+      "description": "The deployment configuration file must hold values of the location of the deployment.properties file as well as the enforcement of these properties.  Without a proper path for the properties file, deployment would not be possible.  If the path specified does not lead to a properties file, the value of the 'deployment.system. config. mandatory' key determines how to handle the situation.  If the value of this key is true, JRE will not run if the path to the properties file is invalid. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32901",
+      "title": "A configuration file must be present to deploy properties for JRE. ",
+      "description": "The deployment.config file is used for specifying the location and execution of system-level properties for the Java Runtime Environment.  By default no deployment.config file exists; thus, no system-wide deployment.properties file exists.  64-bit systems require two copies of the file, one for the 64-bit JRE and the other for the 32-bit JRE.  Without the deployment.config file, setting particular options for the Java control panel is impossible.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32902",
+      "title": "A properties file must be present to hold all the keys that establish properties within the Java control panel. ",
+      "description": "The deployment.properties file is used for specifying keys for the Java Runtime Environment.  Each option in the Java control panel is represented by property keys. These keys adjust the options in the Java control panel based on the value assigned to that key.  By default no deployment.properties file exists; thus, no system-wide deployment exists.  Without the deployment.properties file, setting particular options for the Java control panel is impossible.  ",
+      "severity": "medium"
+    }
+  ]
+}

data/standards/stig_java_runtime_environment_jre_7_unix.json

@@ -0,0 +1,65 @@
+{
+  "name": "stig_java_runtime_environment_jre_7_unix",
+  "date": "2012-07-23",
+  "description": "The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets.  Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.",
+  "title": "Java Runtime Environment (JRE) 7 STIG for UNIX",
+  "version": "1",
+  "item_syntax": "^\\w-\\d+$",
+  "section_separator": null,
+  "items": [
+    {
+      "id": "V-32828",
+      "title": "The dialog to enable users to grant permissions to execute signed content from an un-trusted authority must be disabled. \n",
+      "description": "Java applets exist both signed and unsigned.  Even for signed applets, there can be many sources, some of which may be purveyors of malware.  Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources.  Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service.  \nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32829",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be locked. ",
+      "description": "Java applets exist both signed and unsigned. Even for signed applets, there can be many sources, some of which may be purveyors of malware. Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources. Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service.\n \nEnsuring users cannot change settings, contributes to a more consistent security profile. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32830",
+      "title": "The dialog to enable users to check publisher certificates for revocation must be enabled. \n",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32831",
+      "title": "The option to enable users to check publisher certificates for revocation must be locked. \n",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32832",
+      "title": "The option to enable online certificate validation must be enabled. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32833",
+      "title": "The option to enable online certificate validation must be locked. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32842",
+      "title": "The configuration file must contain proper keys and values to deploy settings correctly. \n",
+      "description": "This configuration file must hold values of the location of the deployment.properties file as well as the enforcement of these properties.  Without a proper path for the properties file, deployment would not be possible.  If the path specified does not lead to a properties file the value of the 'deployment.system.config. mandatory' key determines how to handle the situation.  If the value of this key is true, JRE will not run if the path to the properties file is invalid. \nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32901",
+      "title": "A configuration file must be present to deploy properties for JRE. \n",
+      "description": "The deployment.config file is used for specifying the location and execution of system-level properties for the Java Runtime Environment.  By default no deployment.config file exists; thus, no system-wide deployment.properties file exists.  Without the deployment.config file, setting particular options for the Java control panel is impossible.\n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32902",
+      "title": "A properties file must be present to hold all the keys that establish properties within the Java control panel. \n",
+      "description": "The deployment.properties file is used for specifying keys for the Java Runtime Environment. Each option in the Java control panel is represented by property keys. These keys adjust the options in the Java control panel based on the value assigned to that key. By default no deployment.properties file exists; thus, no system-wide deployment exists. Without the deployment.properties file, setting particular options for the Java control panel is impossible. \n\nNOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.\n",
+      "severity": "medium"
+    }
+  ]
+}

data/standards/stig_java_runtime_environment_jre_7_win7.json

@@ -0,0 +1,65 @@
+{
+  "name": "stig_java_runtime_environment_jre_7_win7",
+  "date": "2012-07-23",
+  "description": "The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets.  Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.",
+  "title": "Java Runtime Environment (JRE) 7 STIG for Win7",
+  "version": "1",
+  "item_syntax": "^\\w-\\d+$",
+  "section_separator": null,
+  "items": [
+    {
+      "id": "V-32828",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be disabled. ",
+      "description": "Java applets exist both signed and unsigned.  Even for signed applets, there can be many sources, some of which may be purveyors of malware.  Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources.  Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service.  ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32829",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be locked. ",
+      "description": "Java applets exist both signed and unsigned. Even for signed applets, there can be many sources, some of which may be purveyors of malware. Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources. Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32830",
+      "title": "The dialog to enable users to check publisher certificates for revocation must be enabled. ",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32831",
+      "title": "The option to enable users to check publisher certificates for revocation must be locked. \n",
+      "description": " A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32832",
+      "title": "The option to enable online certificate validation must be enabled. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate.  When enabled, if a certificate is presented, the status of the certificate is requested.  The status is sent back as 'current', 'expired', or 'unknown'.  Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet.   Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32833",
+      "title": "The option to enable online certificate validation must be locked. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32842",
+      "title": "The configuration file must contain proper keys and values to deploy settings correctly. ",
+      "description": "This configuration file must hold values of the location of the deployment.properties file as well as the enforcement of these properties.  Without a proper path for the properties file, deployment would not be possible.  If the path specified does not lead to a properties file the value of the 'deployment.system.config. mandatory' key determines how to handle the situation.  If the value of this key is true, JRE will not run if the path to the properties file is invalid. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32901",
+      "title": "A configuration file must be present to deploy properties for JRE. ",
+      "description": "The deployment.config file is used for specifying the location and execution of system-level properties for the Java Runtime Environment.  By default no deployment.config file exists; thus, no system-wide deployment.properties file exists.  64-bit systems require two copies of the file, one for the 64-bit JRE and the other for the 32-bit JRE.  Without the deployment.config file, setting particular options for the Java control panel is impossible.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32902",
+      "title": "A properties file must be present to hold all the keys that establish properties within the Java control panel. ",
+      "description": "The deployment.properties file is used for specifying keys for the Java Runtime Environment.  Each option in the Java control panel is represented by property keys. These keys adjust the options in the Java control panel based on the value assigned to that key.  By default no deployment.properties file exists; thus, no system-wide deployment exists.  Without the deployment.properties file, setting particular options for the Java control panel is impossible.  ",
+      "severity": "medium"
+    }
+  ]
+}

data/standards/stig_java_runtime_environment_jre_7_winxp.json

@@ -0,0 +1,65 @@
+{
+  "name": "stig_java_runtime_environment_jre_7_winxp",
+  "date": "2012-07-23",
+  "description": "The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets.  Certain default settings within the JRE pose a security risk so it is necessary to deploy system wide properties to ensure a higher degree of security when utilizing the JRE.",
+  "title": "Java Runtime Environment (JRE) 7 STIG for WinXP",
+  "version": "1",
+  "item_syntax": "^\\w-\\d+$",
+  "section_separator": null,
+  "items": [
+    {
+      "id": "V-32828",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be disabled. ",
+      "description": "Java applets exist both signed and unsigned.  Even for signed applets, there can be many sources, some of which may be purveyors of malware.  Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources.  Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service.  ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32829",
+      "title": "The dialog enabling users to grant permissions to execute signed content from an un-trusted authority must be locked. ",
+      "description": "Java applets exist both signed and unsigned. Even for signed applets, there can be many sources, some of which may be purveyors of malware. Applet sources considered trusted can have their information populated into the browser, enabling Java to validate applets against trusted sources. Permitting execution of signed Java applets from un-trusted sources may result in acquiring malware, and risks system modification, invasion of privacy, or denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32830",
+      "title": "The dialog to enable users to check publisher certificates for revocation must be enabled. \n",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32831",
+      "title": "The option to enable users to check publisher certificates for revocation must be locked. \n",
+      "description": "A certificate revocation list is a directory which contains a list of certificates that have been revoked for various reasons. Certificates may be revoked due to improper issuance, compromise of the certificate, and failure to adhere to policy. Therefore, any certificate found on a CRL should not be trusted. Permitting execution of an applet published with a revoked certificate may result in spoofing, malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32832",
+      "title": "The option to enable online certificate validation must be enabled. \n",
+      "description": "Online certificate validation provides a real-time alternative to validating a certificate.  When enabled, if a certificate is presented, the status of the certificate is requested.  The status is sent back as 'current', 'expired', or 'unknown'.  Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet.   Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32833",
+      "title": "The option to enable online certificate validation must be locked. \n",
+      "description": " Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. \n\nEnsuring users cannot change settings, contributes to a more consistent security profile. \n",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32842",
+      "title": "The configuration file must contain proper keys and values to deploy settings correctly. ",
+      "description": "This configuration file must hold values of the location of the deployment.properties file, as well as the enforcement of these properties. Without a proper path for the properties file, deployment would not be possible. If the path specified does not lead to a properties file the value of the 'deployment.system.config. mandatory' key determines how to handle the situation. If the value of this key is true, JRE will not run if the path to the properties file is invalid. ",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32901",
+      "title": "A configuration file must be present to deploy properties for JRE. ",
+      "description": "The deployment.config file is used for specifying the location and execution of system-level properties for the Java Runtime Environment.  By default no deployment.config file exists; thus, no system-wide deployment.properties file exists.  64-bit systems require two copies of the file, one for the 64-bit JRE and the other for the 32-bit JRE.  Without the deployment.config file, setting particular options for the Java control panel is impossible.",
+      "severity": "medium"
+    },
+    {
+      "id": "V-32902",
+      "title": "A properties file must be present to hold all the keys that establish properties within the Java control panel. ",
+      "description": "The deployment.properties file is used for specifying keys for the Java Runtime Environment.  Each option in the Java control panel is represented by property keys. These keys adjust the options in the Java control panel based on the value assigned to that key.  By default no deployment.properties file exists; thus, no system-wide deployment exists.  Without the deployment.properties file, setting particular options for the Java control panel is impossible.  ",
+      "severity": "medium"
+    }
+  ]
+}