FFOX-00-000003 - Firefox must be configured to ask which certificate to present to a website when a certificate is required.

Details

When a website asks for a certificate for user authentication, Firefox must be configured to have the user choose which certificate to present. Websites within DoD require user authentication for access, which increases security for DoD information. Access will be denied to the user if certificate management is not configured.


Solution

Windows group policy:
1. Open the group policy editor tool with 'gpedit.msc'.
2. Navigate to Policy Path: Computer ConfigurationAdministrative TemplatesMozillaFirefox
Policy Name: Preferences
Policy State: Enabled
Policy Value:
{
'security.default_personal_cert': {
'Value': 'Ask Every Time',
'Status': 'locked'
}
}

macOS 'plist' file:
Add the following:
Preferences

security.default_personal_cert

Value
Ask Every Time
Status
locked



Linux 'policies.json' file:
Add the following in the policies section:
'Preferences': {
'security.default_personal_cert': {
'Value': 'Ask Every Time',
'Status': 'locked'
}
}


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Unix.


References


Source