Scan: _Reviewed/MONT-WS-92040/Checklist/MONT-WS-92040_Win10_V3R4_20251023-142421.ckl

Back to USNS MONTFORD POINT Scans

Scan Information

Ship: USNS MONTFORD POINT
Hull Number: T-ESD-1
Scan Date: 2026-01-14
Source File: MONT-WS-92040 Win10 20251023-142421
Source Tool: Evaluate-STIG
Imported: 2026-01-14 17:57
Hostname (from CKL asset — override if blank or incorrect)

Upgrade History Export CSV Export Excel

STIG Benchmark

Microsoft Windows 10 Security Technical Implementation Guide

Version

V3R6

Score

94.3%

Total

261

Open

OCA Technology Area

Assign this checklist to an OCA assessment area for scoring

Hostname: MONT-WS-92040
STIG Benchmark: Microsoft Windows 10 Security Technical Implementation Guide

Current Area: Windows OS

Change Area

View all findings in Windows OS area →

STIG Rule Mapping

261

Mapped to STIG

Unmapped

261

Total Findings

All findings mapped to STIG rules.

Checklist Scoring

Severity	Not a Finding	Not Applicable	Open	Total
CAT I	25	1	3	29
CAT II	188	15	11	214
CAT III	16	1	1	18
Total	229	17	15	261

Filter:

Status:

Severity:

Vuln IDs (261)

V-220697 Domain-joined systems must use Windows 10 Enterpri...

V-220698 Windows 10 domain-joined systems must have a Trust...

V-220699 Windows 10 systems must have Unified Extensible Fi...

V-220700 Secure Boot must be enabled on Windows 10 systems.

V-220701 Windows 10 must employ automated mechanisms to det...

V-220702 Windows 10 information systems must use BitLocker ...

V-220703 Windows 10 systems must use a BitLocker PIN for pr...

V-220704 Windows 10 systems must use a BitLocker PIN with a...

V-220705 The operating system must employ a deny-all, permi...

V-220706 Windows 10 systems must be maintained at a support...

V-220707 The Windows 10 system must use an anti-virus progr...

V-220708 Local volumes must be formatted using NTFS.

V-220709 Alternate operating systems must not be permitted ...

V-220710 Non system-created file shares on a system must li...

V-220711 Unused accounts must be disabled or removed from t...

V-220712 Only accounts responsible for the administration o...

V-220713 Only accounts responsible for the backup operation...

V-220714 Only authorized user accounts must be allowed to c...

V-220715 Standard local user accounts must not exist on a s...

V-220716 Accounts must be configured to require password ex...

V-220717 Permissions for system files and directories must ...

V-220718 Internet Information System (IIS) or its subcompon...

V-220719 Simple Network Management Protocol (SNMP) must not...

V-220720 Simple TCP/IP Services must not be installed on th...

V-220721 The Telnet Client must not be installed on the sys...

V-220722 The TFTP Client must not be installed on the syste...

V-220723 Software certificate installation files must be re...

V-220724 A host-based firewall must be installed and enable...

V-220725 Inbound exceptions to the firewall on Windows 10 d...

V-220726 Data Execution Prevention (DEP) must be configured...

V-220727 Structured Exception Handling Overwrite Protection...

V-220728 The Windows PowerShell 2.0 feature must be disable...

V-220729 The Server Message Block (SMB) v1 protocol must be...

V-220730 The Server Message Block (SMB) v1 protocol must be...

V-220731 The Server Message Block (SMB) v1 protocol must be...

V-220732 The Secondary Logon service must be disabled on Wi...

V-220733 Orphaned security identifiers (SIDs) must be remov...

V-220734 Bluetooth must be turned off unless approved by th...

V-220735 Bluetooth must be turned off when not in use.

V-220736 The system must notify the user when a Bluetooth d...

V-220737 Administrative accounts must not be used with appl...

V-220738 Windows 10 nonpersistent VM sessions must not exce...

V-220739 Windows 10 account lockout duration must be config...

V-220740 The number of allowed bad logon attempts must be c...

V-220741 The period of time before the bad logon counter is...

V-220742 The password history must be configured to 24 pass...

V-220743 The maximum password age must be configured to 60 ...

V-220744 The minimum password age must be configured to at ...

V-220745 Passwords must, at a minimum, be 14 characters.

V-220746 The built-in Microsoft password complexity filter ...

V-220747 Reversible password encryption must be disabled.

V-220748 The system must be configured to audit Account Log...

V-220749 The system must be configured to audit Account Log...

V-220750 The system must be configured to audit Account Man...

V-220751 The system must be configured to audit Account Man...

V-220752 The system must be configured to audit Account Man...

V-220753 The system must be configured to audit Detailed Tr...

V-220754 The system must be configured to audit Detailed Tr...

V-220755 The system must be configured to audit Logon/Logof...

V-220756 The system must be configured to audit Logon/Logof...

V-220757 The system must be configured to audit Logon/Logof...

V-220758 The system must be configured to audit Logon/Logof...

V-220759 The system must be configured to audit Logon/Logof...

V-220760 The system must be configured to audit Logon/Logof...

V-220761 Windows 10 must be configured to audit Object Acce...

V-220762 Windows 10 must be configured to audit Object Acce...

V-220763 Windows 10 must be configured to audit Object Acce...

V-220764 Windows 10 must be configured to audit Object Acce...

V-220765 The system must be configured to audit Object Acce...

V-220766 The system must be configured to audit Object Acce...

V-220767 The system must be configured to audit Policy Chan...

V-220768 The system must be configured to audit Policy Chan...

V-220769 The system must be configured to audit Policy Chan...

V-220770 The system must be configured to audit Privilege U...

V-220771 The system must be configured to audit Privilege U...

V-220772 The system must be configured to audit System - IP...

V-220773 The system must be configured to audit System - Ot...

V-220774 The system must be configured to audit System - Ot...

V-220775 The system must be configured to audit System - Se...

V-220776 The system must be configured to audit System - Se...

V-220777 The system must be configured to audit System - Sy...

V-220778 The system must be configured to audit System - Sy...

V-220779 The Application event log size must be configured ...

V-220780 The Security event log size must be configured to ...

V-220781 The System event log size must be configured to 32...

V-220782 Windows 10 permissions for the Application event l...

V-220783 Windows 10 permissions for the Security event log ...

V-220784 Windows 10 permissions for the System event log mu...

V-220786 Windows 10 must be configured to audit Other Polic...

V-220787 Windows 10 must be configured to audit other Logon...

V-220788 Windows 10 must be configured to audit other Logon...

V-220789 Windows 10 must be configured to audit Detailed Fi...

V-220790 Windows 10 must be configured to audit MPSSVC Rule...

V-220791 Windows 10 must be configured to audit MPSSVC Rule...

V-220792 Camera access from the lock screen must be disable...

V-220793 Windows 10 must cover or disable the built-in or a...

V-220794 The display of slide shows on the lock screen must...

V-220795 IPv6 source routing must be configured to highest ...

V-220796 The system must be configured to prevent IP source...

V-220797 The system must be configured to prevent Internet ...

V-220798 The system must be configured to ignore NetBIOS na...

V-220799 Local administrator accounts must have their privi...

V-220800 WDigest Authentication must be disabled.

V-220801 Run as different user must be removed from context...

V-220802 Insecure logons to an SMB server must be disabled.

V-220803 Internet connection sharing must be disabled.

V-220805 Windows 10 must be configured to prioritize ECC Cu...

V-220806 Simultaneous connections to the internet or a Wind...

V-220807 Connections to non-domain networks when connected ...

V-220808 Wi-Fi Sense must be disabled.

V-220809 Command line data must be included in process crea...

V-220810 Windows 10 must be configured to enable Remote hos...

V-220811 Virtualization Based Security must be enabled on W...

V-220812 Credential Guard must be running on Windows 10 dom...

V-220813 Early Launch Antimalware, Boot-Start Driver Initia...

V-220814 Group Policy objects must be reprocessed even if t...

V-220815 Downloading print driver packages over HTTP must b...

V-220816 Web publishing and online ordering wizards must be...

V-220817 Printing over HTTP must be prevented.

V-220818 Systems must at least attempt device authenticatio...

V-220819 The network selection user interface (UI) must not...

V-220820 Local users on domain-joined computers must not be...

V-220821 Users must be prompted for a password on resume fr...

V-220822 The user must be prompted for a password on resume...

V-220823 Solicited Remote Assistance must not be allowed.

V-220824 Unauthenticated RPC clients must be restricted fro...

V-220825 The setting to allow Microsoft accounts to be opti...

V-220826 The Application Compatibility Program Inventory mu...

V-220827 Autoplay must be turned off for non-volume devices...

V-220828 The default autorun behavior must be configured to...

V-220829 Autoplay must be disabled for all drives.

V-220830 Enhanced anti-spoofing for facial recognition must...

V-220831 Microsoft consumer experiences must be turned off.

V-220832 Administrator accounts must not be enumerated duri...

V-220833 If Enhanced diagnostic data is enabled it must be ...

V-220834 Windows Telemetry must not be configured to Full.

V-220835 Windows Update must not obtain updates from other ...

V-220836 The Windows Defender SmartScreen for Explorer must...

V-220837 Explorer Data Execution Prevention must be enabled...

V-220838 Turning off File Explorer heap termination on corr...

V-220839 File Explorer shell protocol must run in protected...

V-220840 Users must not be allowed to ignore Windows Defend...

V-220841 Users must not be allowed to ignore Windows Defend...

V-220842 Windows 10 must be configured to prevent certifica...

V-220843 The password manager function in the Edge browser ...

V-220844 The Windows Defender SmartScreen filter for Micros...

V-220845 Windows 10 must be configured to disable Windows G...

V-220846 The use of a hardware security device with Windows...

V-220847 Windows 10 must be configured to require a minimum...

V-220848 Passwords must not be saved in the Remote Desktop ...

V-220849 Local drives must be prevented from sharing with R...

V-220850 Remote Desktop Services must always prompt a clien...

V-220851 The Remote Desktop Session Host must require secur...

V-220852 Remote Desktop Services must be configured with th...

V-220853 Attachments must be prevented from being downloade...

V-220854 Basic authentication for RSS feeds over HTTP must ...

V-220855 Indexing of encrypted files must be turned off.

V-220856 Users must be prevented from changing installation...

V-220857 The Windows Installer Always install with elevated...

V-220858 Users must be notified if a web-based program atte...

V-220859 Automatically signing in the last interactive user...

V-220860 PowerShell script block logging must be enabled on...

V-220862 The Windows Remote Management (WinRM) client must ...

V-220863 The Windows Remote Management (WinRM) client must ...

V-220865 The Windows Remote Management (WinRM) service must...

V-220866 The Windows Remote Management (WinRM) service must...

V-220867 The Windows Remote Management (WinRM) service must...

V-220868 The Windows Remote Management (WinRM) client must ...

V-220869 Windows 10 must be configured to prevent Windows a...

V-220870 The convenience PIN for Windows 10 must be disable...

V-220871 Windows Ink Workspace must be configured to disall...

V-220872 Windows 10 should be configured to prevent users f...

V-220902 Windows 10 Kernel (Direct Memory Access) DMA Prote...

V-220903 The DoD Root CA certificates must be installed in ...

V-220904 The External Root CA certificates must be installe...

V-220905 The DoD Interoperability Root CA cross-certificate...

V-220906 The US DOD CCEB Interoperability Root CA cross-cer...

V-220907 Default permissions for the HKEY_LOCAL_MACHINE reg...

V-220908 The built-in administrator account must be disable...

V-220909 The built-in guest account must be disabled.

V-220910 Local accounts with blank passwords must be restri...

V-220911 The built-in administrator account must be renamed...

V-220912 The built-in guest account must be renamed.

V-220913 Audit policy using subcategories must be enabled.

V-220914 Outgoing secure channel traffic must be encrypted ...

V-220915 Outgoing secure channel traffic must be encrypted ...

V-220916 Outgoing secure channel traffic must be signed whe...

V-220917 The computer account password must not be prevente...

V-220918 The maximum age for machine account passwords must...

V-220919 The system must be configured to require a strong ...

V-220920 The machine inactivity limit must be set to 15 min...

V-220921 The required legal notice must be configured to di...

V-220922 The Windows dialog box title for the legal banner ...

V-220923 Caching of logon credentials must be limited.

V-220924 The Smart Card removal option must be configured t...

V-220925 The Windows SMB client must be configured to alway...

V-220926 Unencrypted passwords must not be sent to third-pa...

V-220927 The Windows SMB server must be configured to alway...

V-220928 Anonymous SID/Name translation must not be allowed...

V-220929 Anonymous enumeration of SAM accounts must not be ...

V-220930 Anonymous enumeration of shares must be restricted...

V-220931 The system must be configured to prevent anonymous...

V-220932 Anonymous access to Named Pipes and Shares must be...

V-220933 Remote calls to the Security Account Manager (SAM)...

V-220934 NTLM must be prevented from falling back to a Null...

V-220935 PKU2U authentication using online identities must ...

V-220936 Kerberos encryption types must be configured to pr...

V-220937 The system must be configured to prevent the stora...

V-220938 The LanMan authentication level must be set to sen...

V-220939 The system must be configured to the required LDAP...

V-220940 The system must be configured to meet the minimum ...

V-220941 The system must be configured to meet the minimum ...

V-220942 The system must be configured to use FIPS-complian...

V-220943 The default permissions of global system objects m...

V-220944 User Account Control approval mode for the built-i...

V-220945 User Account Control must, at minimum, prompt admi...

V-220946 Windows 10 must use multifactor authentication for...

V-220947 User Account Control must automatically deny eleva...

V-220948 User Account Control must be configured to detect ...

V-220949 User Account Control must only elevate UIAccess ap...

V-220950 User Account Control must run all administrators i...

V-220951 User Account Control must virtualize file and regi...

V-220952 Passwords for enabled local Administrator accounts...

V-220954 Toast notifications to the lock screen must be tur...

V-220955 Zone information must be preserved when saving att...

V-220956 The Access Credential Manager as a trusted caller ...

V-220957 The Access this computer from the network user rig...

V-220958 The Act as part of the operating system user right...

V-220959 The Allow log on locally user right must only be a...

V-220960 The Back up files and directories user right must ...

V-220961 The Change the system time user right must only be...

V-220962 The Create a pagefile user right must only be assi...

V-220963 The Create a token object user right must not be a...

V-220964 The Create global objects user right must only be ...

V-220965 The Create permanent shared objects user right mus...

V-220966 The Create symbolic links user right must only be ...

V-220967 The Debug programs user right must only be assigne...

V-220968 The Deny access to this computer from the network ...

V-220969 The "Deny log on as a batch job" user right on dom...

V-220970 The Deny log on as a service user right on Windows...

V-220971 The Deny log on locally user right on workstations...

V-220972 The Deny log on through Remote Desktop Services us...

V-220973 The Enable computer and user accounts to be truste...

V-220974 The Force shutdown from a remote system user right...

V-220975 The "Impersonate a client after authentication" us...

V-220976 The Load and unload device drivers user right must...

V-220977 The Lock pages in memory user right must not be as...

V-220978 The Manage auditing and security log user right mu...

V-220979 The Modify firmware environment values user right ...

V-220980 The Perform volume maintenance tasks user right mu...

V-220981 The Profile single process user right must only be...

V-220982 The Restore files and directories user right must ...

V-220983 The Take ownership of files or other objects user ...

V-250319 Hardened UNC paths must be defined to require mutu...

V-252896 PowerShell Transcription must be enabled on Window...

V-252903 Virtualization-based protection of code integrity ...

V-256894 Internet Explorer must be disabled for Windows 10.

V-257589 Windows 10 must have command line process auditing...

V-257593 Windows 10 must not have portproxy enabled or in u...

V-268315 Copilot must be disabled for Windows 10.

V-268319 Windows 10 systems must use either Group Policy or...

Vulnerability Details

Click a Vuln ID on the left to view details.

Status & Comments

Select a finding to edit.

← Back to USNS MONTFORD POINT Scans