An error occurred:

Microsoft Windows PAW STIG Version Comparison

Microsoft Windows PAW Security Technical Implementation Guide

Comparison

There are 2 differences between versions v2 r1 (Nov. 1, 2021) (the "left" version) and v2 r3 (Nov. 9, 2023) (the "right" version).

Check WPAW-00-000700 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

The Windows PAW must be configured with a vendor-supported version of Windows 10 11 and applicable security patches that are DoD DOD approved.

Check Content

Determine the current approved versions of Windows 10. Talk 11. Talk to the Authorizing authorizing Official official (AO) staff, Information information System system Security security Manager manager (ISSM), or PAW system administrator to determine the approved versions of Windows 10. Review 11. Review the configuration of the PAW and determine which version of Windows is installed on the PAW. Verify the installed Windows 10 11 version is an approved version. If the installed Windows 10 11 version on the PAW is not the same as an approved version, this is a finding.

Discussion

Older versions of operating systems usually contain vulnerabilities that have been fixed in later released versions. In addition, most operating system patches contain fixes for recently discovered security vulnerabilities. Due to the highly privileged activities of a PAW, it must be maintained at the highest security posture possible and therefore must have one of the current vendor-supported operating system versions installed.

Fix

Install one of the current vendor-supported versions of Windows 10 11 on site PAWs, including the most recently released patches. Note: There is no central list in the DoD DOD of "approved" operating system versions. The Microsoft website will list supported versions of Windows 10 11 and patches. If a STIG is available for one or more of the vendor-supported versions of Windows 10, 11, the version can be considered to be DoD DOD approved. Local AOs usually have implemented a procedure for testing Windows updates before they are deployed. Check with the local AO's staff to determine the latest approved version of Windows 10. 11.