DISA_Microsoft_Windows_11_STIG_v2r3.audit from DISA Microsoft Windows 11 STIG v2r3

WN11-00-000005 - Domain-joined systems must use Windows 11 Enterprise Edition 64-bit version.

800-53|CM-6b.

CAT|II

CCI|CCI-000366

Rule-ID|SV-253254r991589_rule

STIG-ID|WN11-00-000005

Vuln-ID|V-253254

WN11-00-000010 - Windows 11 domain-joined systems must have a Trusted Platform Module (TPM) enabled.

800-53|SC-8(1)

CCI|CCI-002421

Rule-ID|SV-253255r971547_rule

STIG-ID|WN11-00-000010

Vuln-ID|V-253255

WN11-00-000015 - Windows 11 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode, not Legacy BIOS.

Rule-ID|SV-253256r971547_rule

STIG-ID|WN11-00-000015

Vuln-ID|V-253256

WN11-00-000020 - Secure Boot must be enabled on Windows 11 systems.

Rule-ID|SV-253257r971547_rule

STIG-ID|WN11-00-000020

Vuln-ID|V-253257

WN11-00-000025 - Windows 11 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: Continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).

Rule-ID|SV-253258r1000099_rule

STIG-ID|WN11-00-000025

Vuln-ID|V-253258

WN11-00-000030 - Windows 11 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.

800-53|SC-28(1)

CAT|I

CCI|CCI-002475

Rule-ID|SV-253259r958870_rule

STIG-ID|WN11-00-000030

Vuln-ID|V-253259

WN11-00-000031 - Windows 11 systems must use a BitLocker PIN for pre-boot authentication.

CCI|CCI-002476

Rule-ID|SV-253260r958872_rule

STIG-ID|WN11-00-000031

Vuln-ID|V-253260

WN11-00-000032 - Windows 11 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication.

800-53|IA-8

CCI|CCI-000804

Rule-ID|SV-253261r958504_rule

STIG-ID|WN11-00-000032

Vuln-ID|V-253261

WN11-00-000035 - The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.

800-53|CM-7(5)(b)

CCI|CCI-001774

Rule-ID|SV-253262r958808_rule

STIG-ID|WN11-00-000035

Vuln-ID|V-253262

WN11-00-000040 - Windows 11 systems must be maintained at a supported servicing level.

Rule-ID|SV-253263r1016364_rule

STIG-ID|WN11-00-000040

Vuln-ID|V-253263

WN11-00-000045 - The Windows 11 system must use an antivirus program.

Rule-ID|SV-253264r991589_rule

STIG-ID|WN11-00-000045

Vuln-ID|V-253264

WN11-00-000050 - Local volumes must be formatted using NTFS.

800-53|AC-3

CCI|CCI-000213

Rule-ID|SV-253265r958472_rule

STIG-ID|WN11-00-000050

Vuln-ID|V-253265

WN11-00-000055 - Alternate operating systems must not be permitted on the same system.

Rule-ID|SV-253266r991589_rule

STIG-ID|WN11-00-000055

Vuln-ID|V-253266

WN11-00-000060 - Non-system-created file shares on a system must limit access to groups that require it.

800-53|SC-4

CCI|CCI-001090

Rule-ID|SV-253267r958524_rule

STIG-ID|WN11-00-000060

Vuln-ID|V-253267

WN11-00-000065 - Unused accounts must be disabled or removed from the system after 35 days of inactivity.

800-53|AU-12c.

800-53|IA-4e.

CAT|III

CCI|CCI-000172

CCI|CCI-000795

CCI|CCI-003627

Rule-ID|SV-253268r1051039_rule

STIG-ID|WN11-00-000065

Vuln-ID|V-253268

WN11-00-000070 - Only accounts responsible for the administration of a system must have Administrator rights on the system.

800-53|AC-3(4)

CCI|CCI-002165

Rule-ID|SV-253269r958702_rule

STIG-ID|WN11-00-000070

Vuln-ID|V-253269

WN11-00-000075 - Only accounts responsible for the backup operations must be members of the Backup Operators group.

Rule-ID|SV-253270r991589_rule

STIG-ID|WN11-00-000075

Vuln-ID|V-253270

WN11-00-000080 - Only authorized user accounts must be allowed to create or run virtual machines on Windows 11 systems.

Rule-ID|SV-253271r958702_rule

STIG-ID|WN11-00-000080

Vuln-ID|V-253271

WN11-00-000085 - Standard local user accounts must not exist on a system in a domain.

Rule-ID|SV-253272r991589_rule

STIG-ID|WN11-00-000085

Vuln-ID|V-253272

WN11-00-000090 - Accounts must be configured to require password expiration.

800-53|IA-5(1)(d)

CCI|CCI-000199

CCI|CCI-004066

Rule-ID|SV-253273r1051040_rule

STIG-ID|WN11-00-000090

Vuln-ID|V-253273

WN11-00-000095 - Permissions for system files and directories must conform to minimum requirements.

Rule-ID|SV-253274r1016661_rule

STIG-ID|WN11-00-000095

Vuln-ID|V-253274

WN11-00-000100 - Internet Information System (IIS) or its subcomponents must not be installed on a workstation.

800-53|CM-7a.

CCI|CCI-000381

Rule-ID|SV-253275r958478_rule

STIG-ID|WN11-00-000100

Vuln-ID|V-253275

WN11-00-000105 - Simple Network Management Protocol (SNMP) must not be installed on the system.

800-53|CM-7b.

CCI|CCI-000382

Rule-ID|SV-253276r958480_rule

STIG-ID|WN11-00-000105

Vuln-ID|V-253276

WN11-00-000110 - Simple TCP/IP Services must not be installed on the system.

Rule-ID|SV-253277r958478_rule

STIG-ID|WN11-00-000110

Vuln-ID|V-253277

WN11-00-000115 - The Telnet Client must not be installed on the system.

Rule-ID|SV-253278r958480_rule

STIG-ID|WN11-00-000115

Vuln-ID|V-253278

WN11-00-000120 - The TFTP Client must not be installed on the system.

Rule-ID|SV-253279r958480_rule

STIG-ID|WN11-00-000120

Vuln-ID|V-253279

WN11-00-000125 - Copilot in Windows must be disabled for Windows 11

Rule-ID|SV-268317r1016371_rule

STIG-ID|WN11-00-000125

Vuln-ID|V-268317

WN11-00-000130 - Software certificate installation files must be removed from Windows 11.

Rule-ID|SV-253280r991589_rule

STIG-ID|WN11-00-000130

Vuln-ID|V-253280

WN11-00-000135 - A host-based firewall must be installed and enabled on the system.

Rule-ID|SV-253281r991589_rule

STIG-ID|WN11-00-000135

Vuln-ID|V-253281

WN11-00-000140 - Inbound exceptions to the firewall on Windows 11 domain workstations must only allow authorized remote management hosts.

Rule-ID|SV-253282r991593_rule

STIG-ID|WN11-00-000140

Vuln-ID|V-253282

WN11-00-000145 - Data Execution Prevention (DEP) must be configured to at least OptOut.

800-53|SI-16

CCI|CCI-002824

Rule-ID|SV-253283r958928_rule

STIG-ID|WN11-00-000145

Vuln-ID|V-253283

WN11-00-000150 - Structured Exception Handling Overwrite Protection (SEHOP) must be enabled.

Rule-ID|SV-253284r958928_rule

STIG-ID|WN11-00-000150

Vuln-ID|V-253284

WN11-00-000155 - The Windows PowerShell 2.0 feature must be disabled on the system.

Rule-ID|SV-253285r958478_rule

STIG-ID|WN11-00-000155

Vuln-ID|V-253285

WN11-00-000160 - The Server Message Block (SMB) v1 protocol must be disabled on the system.

Rule-ID|SV-253286r958478_rule

STIG-ID|WN11-00-000160

Vuln-ID|V-253286

WN11-00-000165 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.

Rule-ID|SV-253287r958478_rule

STIG-ID|WN11-00-000165

Vuln-ID|V-253287

WN11-00-000170 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.

Rule-ID|SV-253288r958478_rule

STIG-ID|WN11-00-000170

Vuln-ID|V-253288

WN11-00-000175 - The Secondary Logon service must be disabled on Windows 11.

Rule-ID|SV-253289r958478_rule

STIG-ID|WN11-00-000175

Vuln-ID|V-253289

WN11-00-000190 - Orphaned security identifiers (SIDs) must be removed from user rights on Windows 11.

Rule-ID|SV-253290r991589_rule

STIG-ID|WN11-00-000190

Vuln-ID|V-253290

WN11-00-000210 - Bluetooth must be turned off unless approved by the organization.

Rule-ID|SV-253291r958478_rule

STIG-ID|WN11-00-000210

Vuln-ID|V-253291

WN11-00-000220 - Bluetooth must be turned off when not in use.

Rule-ID|SV-253292r958478_rule

STIG-ID|WN11-00-000220

Vuln-ID|V-253292

WN11-00-000230 - The system must notify the user when a Bluetooth device attempts to connect.

Rule-ID|SV-253293r991589_rule

STIG-ID|WN11-00-000230

Vuln-ID|V-253293

WN11-00-000240 - Administrative accounts must not be used with applications that access the internet, such as web browsers, or with potential internet sources, such as email.

Detections

Analytics

DISA Microsoft Windows 11 STIG v2r3

Audit Details

File Details

Audit Changelog

No revisions found