UCF STIG Viewer Logo

Microsoft DotNet Framework 4.0 Security Technical Implementation Guide


Overview

Date Finding Count (16)
2022-09-13 CAT I (High): 0 CAT II (Med): 14 CAT III (Low): 2
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-225227 Medium CAS and policy configuration files must be backed up.
V-225228 Medium Remoting Services HTTP channels must utilize authentication and encryption.
V-225229 Medium .Net Framework versions installed on the system must be supported.
V-225238 Medium Disable TLS RC4 cipher in .Net
V-225224 Medium The Trust Providers Software Publishing State must be set to 0x23C00.
V-225225 Medium Developer certificates used with the .NET Publisher Membership Condition must be approved by the IAO.
V-225226 Medium Encryption keys used for the .NET Strong Name Membership Condition must be protected.
V-225233 Medium Trust must be established prior to enabling the loading of remote code in .Net 4.
V-225231 Medium .NET must be configured to validate strong names on full-trust assemblies.
V-225223 Medium Digital signatures assigned to strongly named assemblies must be verified.
V-225237 Medium Remoting Services TCP channels must utilize authentication and encryption.
V-225236 Medium Software utilizing .Net 4.0 must be identified and relevant access controls configured.
V-225230 Medium The .NET CLR must be configured to use FIPS approved encryption modules.
V-225235 Medium Event tracing for Windows (ETW) for Common Language Runtime events must be enabled.
V-225234 Low .NET default proxy settings must be reviewed and approved.
V-225232 Low .Net applications that invoke NetFx40_LegacySecurityPolicy must apply previous versions of .NET STIG guidance.