Microsoft Windows 11 Security Technical Implementation Guide
V1R5 · Released 2024-10-15
You are viewing V1R5. This is not the latest release. View latest release (V2) → · Version history
Overview
| Version | Date | Finding Count (5) | ||
| V1R5 | 2024-10-15 | CAT I (High): 2 | CAT II (Medium): 2 | CAT III (Low): 1 |
| STIG Description |
| This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. |
Findings — All
| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-253271 | Windows 11 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode. | UEFI provides additional security features in comparison to legacy BIOS firmware, including Secure Boot. UEFI is required for Windows 11. Systems with... | |
| V-253272 | Windows 11 must have Secure Boot enabled. | Secure Boot is a security standard that ensures systems boot using only software that is trusted. This prevents rootkits and other malware from loadin... | |
| V-253270 | Windows 11 must be configured to audit Logon/Logoff - Logon successes. | Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises t... | |
| V-253273 | Windows 11 must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. | Utilizing a whitelist approach allows only authorized software programs to execute. This prevents malware and unauthorized software from executing.... | |
| V-253274 | Windows 11 must have Virtualization-based Security enabled. | Virtualization-based Security (VBS) provides the platform for the many security features available in Windows 11. VBS uses the hypervisor to support s... |