STIGQter: STIG Summary: Microsoft DotNet Framework 4.0 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

.NET default proxy settings must be reviewed and approved.

DISA Rule

SV-225234r615940_rule

Vulnerability Number

V-225234

Group Title

SRG-APP-000516

Rule Version

APPNET0066

Severity

CAT III

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Open Windows explorer and search for all "*.exe.config" and "machine.config" files.

Search each file for the "defaultProxy" element.

Clear the values contained in the "defaultProxy" element, and the "bypasslist", "module", and "proxy" child elements.

The IAO must provide documented approvals of any non-default proxy servers.

Check Contents

Open Windows explorer and search for all "*.exe.config" and "machine.config" files.

Search each file for the "defaultProxy" element.

<defaultProxy
enabled="true|false"
useDefaultCredentials="true|false"
<bypasslist> … </bypasslist>
<proxy> … </proxy>
<module> … </module>
/>

If the "defaultProxy" setting "enabled=false" or if the "bypasslist", "module", or "proxy" child elements have configuration entries and there are no documented approvals from the IAO, this is a finding.

If the "defaultProxy" element is empty then the framework is using default browser settings, this is not a finding.

.NET default proxy settings must be reviewed and approved.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments