An error occurred:

Check: WN10-CC-000370

Microsoft Windows 10 STIG: WN10-CC-000370 (in versions v2 r9 through v1 r20)

Title

The convenience PIN for Windows 10 must be disabled. (Cat II impact)

Discussion

This policy controls whether a domain user can sign in using a convenience PIN to prevent enabling (Password Stuffer).

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Windows\System Value Name: AllowDomainPINLogon Value Type: REG_DWORD Value data: 0

Fix Text

Disable the convenience PIN sign-in. If this needs to be corrected configure the policy value for Computer Configuration >> Administrative Templates >> System >> Logon >> Set "Turn on convenience PIN sign-in" to "Disabled”.

Additional Identifiers

Rule ID: SV-220870r569187_rule

Vulnerability ID: V-220870

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000381

The organization configures the information system to provide only essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-7

Least Functionality