Windows 11 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-253271 | WN11-00-000005 | SV-253271r877392_rule | CCI-000366 | high |

Description
UEFI provides additional security features in comparison to legacy BIOS firmware, including Secure Boot. UEFI is required for Windows 11. Systems with UEFI firmware must be configured to run in UEFI mode to support Secure Boot.

| STIG | Date |
|---|---|
| Microsoft Windows 11 Security Technical Implementation Guide | 2024-10-15 |
Details
Check Text (C-253271r877392_chk)
Some hardware may not have UEFI firmware or may not support Secure Boot. Verify with the system vendor.
Run "System Information".
Under "System Summary", if "BIOS Mode" does not display "UEFI", this is a finding.
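A scripted equivalent of the "BIOS Mode" check, for use where opening System Information on each host is impractical. This is an added example, not part of the STIG text; the function name Get-V253271Status, its output fields and its status labels are assumptions made for illustration. The Secure Boot state is reported for context only; the finding is decided on firmware mode alone, as in the check text.

```powershell
# Added example: reads the same firmware mode that System Information shows as "BIOS Mode".
# Get-V253271Status and the field/status names below are hypothetical, not STIG tooling.
function Get-V253271Status {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        FindingId    = 'V-253271'
        ComputerName = $env:COMPUTERNAME
        FirmwareType = 'Unknown'      # Uefi, Bios, or Unknown if it cannot be read
        SecureBoot   = 'NotChecked'   # informational only
        Status       = 'NotReviewed'
    }

    try {
        # BiosFirmwareType is an enum whose values include Uefi and Bios.
        $info = Get-ComputerInfo -Property BiosFirmwareType -ErrorAction Stop
        if ($null -ne $info.BiosFirmwareType) {
            $result.FirmwareType = [string]$info.BiosFirmwareType
        }
    } catch {
        Write-Warning "Could not read firmware type: $($_.Exception.Message)"
    }

    switch ($result.FirmwareType) {
        'Uefi'  { $result.Status = 'NotAFinding' }
        'Bios'  { $result.Status = 'Open' }         # legacy mode: this is a finding
        default { $result.Status = 'NotReviewed' }  # fall back to the manual check
    }

    if ($result.FirmwareType -eq 'Uefi') {
        try {
            # Confirm-SecureBootUEFI needs an elevated session and throws on legacy BIOS.
            $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
            $result.SecureBoot = if ($enabled) { 'Enabled' } else { 'Disabled' }
        } catch [System.UnauthorizedAccessException] {
            $result.SecureBoot = 'NeedsElevation'
        } catch {
            $result.SecureBoot = 'Unavailable'
        }
    }

    [pscustomobject]$result
}

Get-V253271Status
```

A result of NotReviewed means the firmware type could not be determined programmatically and the manual check above still applies.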
Fix Text (F-56688r819635_fix)
Configure Windows 11 systems with UEFI firmware to run in UEFI mode.
Refer to system documentation for configuration details.