Check: WN10-CC-000370
Microsoft Windows 10 STIG:
WN10-CC-000370
(in versions v3 r2 through v1 r20)
Title
The convenience PIN for Windows 10 must be disabled. (Cat II impact)
Discussion
This policy controls whether a domain user can sign in using a convenience PIN to prevent enabling (Password Stuffer).
Check Content
If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Windows\System Value Name: AllowDomainPINLogon Value Type: REG_DWORD Value data: 0
Fix Text
Disable the convenience PIN sign-in. If this needs to be corrected configure the policy value for Computer Configuration >> Administrative Templates >> System >> Logon >> Set "Turn on convenience PIN sign-in" to "Disabled”.
Additional Identifiers
Rule ID: SV-220870r958478_rule
Vulnerability ID: V-220870
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
Configure the system to provide only organization-defined mission essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |