Check: WN11-00-000015
Microsoft Windows 11 STIG:
WN11-00-000015
(in versions v1 r6 through v1 r1)
Title
Windows 11 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode, not Legacy BIOS. (Cat II impact)
Discussion
UEFI provides additional security features in comparison to legacy BIOS firmware, including Secure Boot. UEFI is required to support additional security features in Windows 11, including virtualization-based Security and Credential Guard. Systems with UEFI that are operating in Legacy BIOS mode will not support these security features.
Check Content
For virtual desktop implementations (VDIs) where the virtual desktop instance is deleted or refreshed upon logoff, this is NA. Verify the system firmware is configured to run in UEFI mode, not Legacy BIOS. Run "System Information". Under "System Summary", if "BIOS Mode" does not display "UEFI", this is a finding.
Fix Text
Configure UEFI firmware to run in UEFI mode, not Legacy BIOS mode.
Additional Identifiers
Rule ID: SV-253256r877465_rule
Vulnerability ID: V-253256
Group Title: SRG-OS-000424-GPOS-00188
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002391 |
The organization monitors organization-defined information system resources to determine if sufficient resources exist to prevent effective denial of service attacks. |
| CCI-002421 |
The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards. |