Microsoft Dot Net Framework 4.0 STIG

Microsoft Dot Net Framework 4.0 STIG

Overview

Version	Date	Finding Count (10)			Downloads
1	2015-09-15 2012-07-20 2012-07-20 2012-07-20 2012-07-20 2012-07-20 2014-01-08 2014-01-08 2014-01-08 2014-01-08 2015-06-23 2014-01-08 2014-01-08 2014-01-08 2016-03-01 2016-03-11 2016-03-01 2016-03-11 2016-03-01 2016-03-11 2016-03-01 2016-03-11 2017-06-14 2016-03-11 2017-06-14 2017-06-14	CAT I (High): 0	CAT II (Med): 10	CAT III (Low): 0	Excel	JSON	XML

STIG Description
Applicable to systems and applications utilizing the Microsoft .Net version 4.0 framework.

Available Profiles

Classified	Public	Sensitive
CAT I Only	I - Mission Critial Classified	I - Mission Critial Public	I - Mission Critial Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC III - Administrative Sensitive)

Finding ID	Severity	Title	Description
V-31307	Medium	Software publishing state table must be configured to only trust items in the users trust database.	Microsoft Windows operating systems provide a feature called Authenticode. Authenticode technology and its underlying code signing mechanisms serve to provide a mechanism to identify software...
V-30926	Medium	The .NET CLR must be configured to use FIPS approved encryption modules.	FIPS encryption is configured via .NET configuration files. There are numerous configuration files that affect different aspects of .Net behavior. The .NET config files are described below. ...
V-31212	Medium	Windows must be configured to invalidate PKCS #7 version 1 signed objects	Microsoft Windows operating systems provide a feature called Authenticode. Authenticode technology and its underlying code signing mechanisms serve to provide a mechanism to identify software...
V-7062	Medium	Windows must check for expired application certificates	Microsoft Windows operating systems provide a feature called Authenticode. Authenticode technology and its underlying code signing mechanisms serve to provide a mechanism to identify software...
V-31026	Medium	Event tracing for Windows (ETW) for Common Language Runtime events must be enabled.	Event tracing captures information about applications utilizing the .NET CLR and the .NET CLR itself. This includes security oriented information, such as Strong Name and Authenticode...
V-7061	Medium	Windows systems must be configured to prevent application use of Test Root certificates.	Microsoft Windows operating systems provide a feature called Authenticode. Authenticode technology and its underlying code signing mechanisms serve to provide a mechanism to identify software...
V-7066	Medium	Windows must be configured to check the time stamp servers certificate for revocation.	Microsoft Windows operating systems provide a feature called Authenticode. Authenticode technology and its underlying code signing mechanisms serve to provide a mechanism to identify software...
V-7064	Medium	Windows must be configured to check for revoked application certificates.	Microsoft Windows operating systems provide a feature called Authenticode. Authenticode technology and its underlying code signing mechanisms serve to provide a mechanism to identify software...
V-7065	Medium	Windows must be configured to block application execution if certificate server status is unavailable.	Microsoft Windows operating systems provide a feature called Authenticode. Authenticode technology and its underlying code signing mechanisms serve to provide a mechanism to identify software...
V-7055	Medium	Digital signatures assigned to strongly named assemblies must be verified.	A strong name consists of the assembly's identity, simple text name, version number, and culture information (if provided)—plus a public key and a digital signature. Strong names serve to...