An error occurred:

Check: WN11-CC-000370

Microsoft Windows 11 STIG: WN11-CC-000370 (in versions v1 r6 through v1 r1)

Title

The convenience PIN for Windows 11 must be disabled. (Cat II impact)

Discussion

This policy controls whether a domain user can sign in using a convenience PIN to prevent enabling (Password Stuffer).

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Windows\System Value Name: AllowDomainPINLogon Value Type: REG_DWORD Value data: 0

Fix Text

Disable the convenience PIN sign-in. To correct this, configure the policy value for Computer Configuration >> Administrative Templates >> System >> Logon >> Set "Turn on convenience PIN sign-in" to "Disabled".

Additional Identifiers

Rule ID: SV-253423r840184_rule

Vulnerability ID: V-253423

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000381

The organization configures the information system to provide only essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-7

Least Functionality