| V-225223 | | Digital signatures assigned to strongly named assemblies must be verified. | A strong name consists of the assembly's identity, simple text name, version number, and culture information (if provided)—plus a public key and a dig... |
| V-225224 | | The Trust Providers Software Publishing State must be set to 0x23C00. | Microsoft Windows operating systems provide a feature called Authenticode. Authenticode technology and its underlying code signing mechanisms serve t... |
| V-225225 | | Developer certificates used with the .NET Publisher Membership Condition must be approved by the ISSO. | A .Net assembly will satisfy the Publisher Membership Condition if it is signed with a software publisher’s Authenticode X.509v3 digital certificate t... |
| V-225226 | | Encryption keys used for the .NET Strong Name Membership Condition must be protected. | The Strong Name Membership condition requires that member assemblies be defined with Strong Names. A strong name consists of the assembly's identity, ... |
| V-225227 | | CAS and policy configuration files must be backed up. | A successful disaster recovery plan requires that CAS policy and CAS policy configuration files are identified and included in systems disaster backup... |
| V-225228 | | Remoting Services HTTP channels must utilize authentication and encryption. | Note: Microsoft recommends using the Windows Communication Framework (WCF) rather than using .Net remoting. New development projects should refrain fr... |
| V-225229 | | .Net Framework versions installed on the system must be supported. | Unsupported software introduces risks and violates DOD policy. Applications utilizing unsupported versions of .NET introduce substantial risk to the h... |
| V-225230 | | The .NET CLR must be configured to use FIPS approved encryption modules. | FIPS encryption is configured via .NET configuration files. There are numerous configuration files that affect different aspects of .Net behavior. T... |
| V-225231 | | .NET must be configured to validate strong names on full-trust assemblies. | The "bypassTrustedAppStrongNames" setting specifies whether the bypass feature that avoids validating strong names for full-trust assemblies is enable... |
| V-225233 | | Trust must be established prior to enabling the loading of remote code in .Net 4. | In the .NET Framework version 3.5 and earlier versions, if an application assembly loaded code/objects from a remote location, that assembly would run... |
| V-225235 | | Event tracing for Windows (ETW) for Common Language Runtime events must be enabled. | Event tracing captures information about applications utilizing the .NET CLR and the .NET CLR itself. This includes security oriented information, suc... |
| V-225236 | | Software utilizing .Net 4.0 must be identified and relevant access controls configured. | With the advent of .Net 4.0, the .Net framework no longer directly configures or enforces security policy for .Net applications. This task is now rel... |
| V-225237 | | Remoting Services TCP channels must utilize authentication and encryption. | Note: Microsoft recommends using the Windows Communication Framework (WCF) rather than .Net remoting. New development projects should refrain from usi... |
| V-225238 | | Update and configure the .NET Framework to support TLS. | Use of the RC4 cipher in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions. Applications ... |
| V-225232 | | .Net applications that invoke NetFx40_LegacySecurityPolicy must apply previous versions of .NET STIG guidance. | CAS policy is .NET runtime version-specific. In .NET Framework version 4, CAS policy is disabled by default; however, it can be re-enabled by using th... |
| V-225234 | | .NET default proxy settings must be reviewed and approved. | The .Net framework can be configured to utilize a different proxy or altogether bypass the default proxy settings in the client's browser. This may l... |