STIGQter: STIG Summary: Microsoft Windows Server 2016 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

Secure Boot must be enabled on Windows Server 2016 systems.

DISA Rule

SV-224864r569186_rule

Vulnerability Number

V-224864

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WN16-00-000470

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Enable Secure Boot in the system firmware.

Check Contents

Some older systems may not have UEFI firmware. This is currently a CAT III; it will be raised in severity at a future date when broad support of Windows hardware and firmware requirements are expected to be met. Devices that have UEFI firmware must have Secure Boot enabled.

Run "System Information".

Under "System Summary", if "Secure Boot State" does not display "On", this is a finding.

Vulnerability Number

V-224864

Documentable

False

Rule Version

WN16-00-000470

Severity Override Guidance

Some older systems may not have UEFI firmware. This is currently a CAT III; it will be raised in severity at a future date when broad support of Windows hardware and firmware requirements are expected to be met. Devices that have UEFI firmware must have Secure Boot enabled.

Run "System Information".

Under "System Summary", if "Secure Boot State" does not display "On", this is a finding.

Check Content Reference

M

Target Key

4205

Comments