Navigate

Check: WN08-CC-000053

Windows 8/8.1 STIG: WN08-CC-000053 (in versions v1 r23 through v1 r16)

Title

Signing in using a PIN must be turned off. (Cat II impact)

Discussion

Strong sign-on must be used to protect a system. The PIN feature is limited to 4 numbers and caches the domain password in the system vault.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows\System\ Value Name: AllowDomainPINLogon Type: REG_DWORD Value: 0

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> System -> Logon -> "Turn on PIN sign-in" to "Disabled".

Additional Identifiers

Rule ID: SV-48312r2_rule

Vulnerability ID: V-36689

Group Title: WN08-CC-000053

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000381	Configure the system to provide only organization-defined mission essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-7	Least Functionality