STIGQter STIGQter: STIG Summary: Windows Server 2019 Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jan 2020: Windows Server 2019 must have Secure Boot enabled.

DISA Rule

SV-103319r1_rule

Vulnerability Number

V-93231

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WN19-00-000470

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Enable Secure Boot in the system firmware.

Check Contents

Some older systems may not have UEFI firmware. This is currently a CAT III; it will be raised in severity at a future date when broad support of Windows hardware and firmware requirements are expected to be met. Devices that have UEFI firmware must have Secure Boot enabled.

Run "System Information".

Under "System Summary", if "Secure Boot State" does not display "On", this is a finding.

On server core installations, run the following PowerShell command:

Confirm-SecureBootUEFI

If a value of "True" is not returned, this is a finding.

Vulnerability Number

V-93231

Documentable

False

Rule Version

WN19-00-000470

Severity Override Guidance

Some older systems may not have UEFI firmware. This is currently a CAT III; it will be raised in severity at a future date when broad support of Windows hardware and firmware requirements are expected to be met. Devices that have UEFI firmware must have Secure Boot enabled.

Run "System Information".

Under "System Summary", if "Secure Boot State" does not display "On", this is a finding.

On server core installations, run the following PowerShell command:

Confirm-SecureBootUEFI

If a value of "True" is not returned, this is a finding.

Check Content Reference

M

Target Key

3483

Comments