Windows 11 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-253271 | WN11-00-000005 | SV-253271r877392_rule | CCI-000366 | high |
| Description | ||||
| UEFI provides additional security features in comparison to legacy BIOS firmware, including Secure Boot. UEFI is required for Windows 11. Systems with UEFI firmware must be configured to run in UEFI mode to support Secure Boot. | ||||
| STIG | Date | |||
| Microsoft Windows 11 Security Technical Implementation Guide | 2024-10-15 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · V1R5 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · V1R5 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V1R5 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · V1R5 · disa_xccdf · related
Details
Check Text (C-253271r877392_chk)
Some hardware may not have UEFI firmware or may not support Secure Boot. Verify with the system vendor.
Run "System Information".
Under "System Summary", if "BIOS Mode" does not display "UEFI", this is a finding.
Fix Text (F-56688r819635_fix)
Configure Windows 11 systems with UEFI firmware to run in UEFI mode.
Refer to system documentation for configuration details.