Windows 11 must have Secure Boot enabled.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-253272WN11-00-000010SV-253272r877393_ruleCCI-000366high
Description
Secure Boot is a security standard that ensures systems boot using only software that is trusted. This prevents rootkits and other malware from loading during the boot process.
STIGDate
Microsoft Windows 11 Security Technical Implementation Guide2024-10-15

Related Frameworks

4 paths across 3 frameworks
NIST 800-531 mapping
CM-6
1.00
  • DISA · V1R5 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
  • DISA · V1R5 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
  • DISA · V1R5 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
  • DISA · V1R5 · disa_xccdf · related

Details

Check Text (C-253272r877393_chk)

Some hardware may not support Secure Boot. Verify with the system vendor. Run "System Information". Under "System Summary", if "Secure Boot State" does not display "On", this is a finding.

Fix Text (F-56689r819638_fix)

Enable Secure Boot in the system firmware. Refer to system documentation for configuration details.