STIGQter: STIG Summary: Windows 10 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows Ink Workspace must be configured to disallow access above the lock.

DISA Rule

SV-220871r642141_rule

Vulnerability Number

V-220871

Group Title

SRG-OS-000095-GPOS-00049

Rule Version

WN10-CC-000385

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Disable the convenience PIN sign-in.

If this needs to be corrected, configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Ink Workspace >> Set "Allow Windows Ink Workspace" to "Enabled” and set Options "On, but disallow access above lock".

Check Contents

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\WindowsInkWorkspace

Value Name: AllowWindowsInkWorkspace
Value Type: REG_DWORD
Value data: 1

Vulnerability Number

V-220871

Documentable

False

Rule Version

WN10-CC-000385

Severity Override Guidance

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\WindowsInkWorkspace

Value Name: AllowWindowsInkWorkspace
Value Type: REG_DWORD
Value data: 1

Check Content Reference

M

Target Key

4072

Comments