STIGQter: STIG Summary: Windows 10 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Windows 10 must use multifactor authentication for local and network access to privileged and non-privileged accounts.

DISA Rule

SV-220946r569187_rule

Vulnerability Number

V-220946

Group Title

SRG-OS-000105-GPOS-00052

Rule Version

WN10-SO-000251

Severity

CAT II

CCI(s)

• CCI-000765 - The information system implements multifactor authentication for network access to privileged accounts.

Weight

10

Fix Recommendation

For non-domain joined systems, configuring Windows Hello for sign on options would be suggested based on the organizations needs and capabilities.

Note: Before applying, the supplemental guidance provided with the STIG should be consulted to ensure continued access to the operating system.

Check Contents

If the system is a member of a domain this is Not Applicable.

If one of the following settings does not exist and is not populated, this is a finding:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Readers
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards

Vulnerability Number

V-220946

Documentable

False

Rule Version

WN10-SO-000251

Severity Override Guidance

If the system is a member of a domain this is Not Applicable.

If one of the following settings does not exist and is not populated, this is a finding:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Readers
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards

Check Content Reference

M

Target Key

4072

Comments