Navigate

Check: WN11-00-000125

Microsoft Windows 11 STIG: WN11-00-000125 (in version v2 r2)

Title

Copilot in Windows must be disabled for Windows 11 (Cat II impact)

Discussion

Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Turning off this capability will prevent potentially sensitive information from being sent outside the enterprise and uncontrolled updates to the system.

Check Content

If the following local computer policy is not configured as specified, this is a finding: User Configuration >> Administrative Templates >> Windows Components >> Windows Copilot >> "Turn off Windows Copilot" to "Enabled”.

Fix Text

Configure the policy value for User Configuration >> Administrative Templates >> Windows Components >> Windows Copilot >> "Turn off Windows Copilot" to "Enabled".

Additional Identifiers

Rule ID: SV-268317r1016371_rule

Vulnerability ID: V-268317

Group Title: SRG-OS-000096-GPOS-00050

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000382	Configure the system to prohibit or restrict the use of organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-7	Least Functionality