OCA Area Detail - Windows OS

Back to Reports

Windows OS

Windows workstations and servers

Minimal Concern

1.7%

Combined Weighted Score

Score Breakdown

0 / 68

CAT I Open / Total

0.0% open rate (weight: 10)

74 / 1298

CAT II Open / Total

5.7% open rate (weight: 4)

3 / 92

CAT III Open / Total

3.3% open rate (weight: 1)

Percentages are open-rate values (`Open / Total`). Closed/compliance rate is `100% - open rate`.

Checklist Files Contributing to This Area (20)

These hostname + STIG combinations are mapped to this assessment area

Checklist File	Hostname	STIG Benchmark	Version	Actions
MONT-SW-89134_Win10_V3R5_20251217-201218.ckl	MONT-SW-89134	Microsoft Windows 10 Security Technical Implementation Guide	V3R6	Edit
MONT-SW-89134_Win10_V3R5_20251217-201218.ckl	MONT-SW-89134	Microsoft Windows 10 Security Technical Implementation Guide	V3R4 Outdated: Latest V3R6	Edit
MONT-SW-89134_MSOffice365_V3R4_20251217-201101.ckl	MONT-SW-89134	Microsoft Office 365 ProPlus Security Technical Implementation Guide	V3R5	Edit
MONT-SW-89134_MSOffice365_V3R4_20251217-201101.ckl	MONT-SW-89134	Microsoft Office 365 ProPlus Security Technical Implementation Guide	V3R4 Outdated: Latest V3R5	Edit
MONT-SW-89134_MSEdge_V2R3_20251217-201011.ckl	MONT-SW-89134	Microsoft Edge Security Technical Implementation Guide	V2R5	Edit
MONT-SW-89134_IE11_V2R5_20251217-201035.ckl	MONT-SW-89134	Microsoft Internet Explorer 11 Security Technical Implementation Guide	V2R5	Edit
MONT-SW-89134_Firefox_V6R6_20251217-201244.ckl	MONT-SW-89134	Mozilla Firefox Security Technical Implementation Guide	V6R7	Edit
MONT-SW-89134_DotNET4_V2R7_20251217-201000.ckl	MONT-SW-89134	Microsoft DotNet Framework 4.0 Security Technical Implementation Guide	V2R8	Edit
MONT-SW-89134_Chrome_V2R11_20251217-200930.ckl	MONT-SW-89134	Google Chrome Current Windows Security Technical Implementation Guide	V2R11	Edit
MONT-SW-89134_AdobeReaderDCContinuous_V2R1_20251217-200921.ckl	MONT-SW-89134	Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide	V2R1	Edit
MONT-SW-89108_Win10_V3R5_20251217-203019.ckl	MONT-SW-89108	Microsoft Windows 10 Security Technical Implementation Guide	V3R6	Edit
MONT-SW-89108_Win10_V3R5_20251217-203019.ckl	MONT-SW-89108	Microsoft Windows 10 Security Technical Implementation Guide	V3R4 Outdated: Latest V3R6	Edit
MONT-SW-89108_MSOffice365_V3R4_20251217-202911.ckl	MONT-SW-89108	Microsoft Office 365 ProPlus Security Technical Implementation Guide	V3R5	Edit
MONT-SW-89108_MSOffice365_V3R4_20251217-202911.ckl	MONT-SW-89108	Microsoft Office 365 ProPlus Security Technical Implementation Guide	V3R4 Outdated: Latest V3R5	Edit
MONT-SW-89108_MSEdge_V2R3_20251217-202829.ckl	MONT-SW-89108	Microsoft Edge Security Technical Implementation Guide	V2R5	Edit
MONT-SW-89108_IE11_V2R5_20251217-202849.ckl	MONT-SW-89108	Microsoft Internet Explorer 11 Security Technical Implementation Guide	V2R5	Edit
MONT-SW-89108_Firefox_V6R6_20251217-203042.ckl	MONT-SW-89108	Mozilla Firefox Security Technical Implementation Guide	V6R7	Edit
MONT-SW-89108_DotNET4_V2R7_20251217-202821.ckl	MONT-SW-89108	Microsoft DotNet Framework 4.0 Security Technical Implementation Guide	V2R8	Edit
MONT-SW-89108_Chrome_V2R11_20251217-202759.ckl	MONT-SW-89108	Google Chrome Current Windows Security Technical Implementation Guide	V2R11	Edit
MONT-SW-89108_AdobeReaderDCContinuous_V2R1_20251217-202743.ckl	MONT-SW-89108	Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide	V2R1	Edit

Open Findings (77)

Findings that remain open and contribute to the score

MONT-SW-89108

Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide MONT-SW-89108_AdobeReaderDCContinuous_V2R1_20251217-202743.ckl

Edit 1 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-213193	Adobe Reader DC must enable FIPS mode.	Open (Open)

MONT-SW-89108

Microsoft Windows 10 Security Technical Implementation Guide MONT-SW-89108_Win10_V3R5_20251217-203019.ckl

Edit 8 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-220716	Accounts must be configured to require password expiration.	Open (Open)
CAT II	V-220952	Passwords for enabled local Administrator accounts must be changed at least ever...	Open (Open)
CAT II	V-278918	Windows 10 must be configured to audit file system failures.	Open (Open)
CAT II	V-278919	Windows 10 must be configured to audit file system successes.	Open (Open)
CAT II	V-278920	Windows 10 must be configured to audit handle manipulation failures.	Open (Open)
CAT II	V-278921	Windows 10 must be configured to audit handle manipulation successes.	Open (Open)
CAT II	V-278922	Windows 10 must be configured to audit registry successes.	Open (Open)
CAT II	V-278923	Windows 10 must be configured to audit registry failures.	Open (Open)

MONT-SW-89108

Microsoft Office 365 ProPlus Security Technical Implementation Guide MONT-SW-89108_MSOffice365_V3R4_20251217-202911.ckl

Edit 16 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-223280	Macros must be blocked from running in Access files from the Internet.	Open (Open)
CAT II	V-223297	Consistent MIME handling must be enabled for all Office 365 ProPlus programs.	Open (Open)
CAT II	V-223299	The Information Bar must be enabled in all Office programs.	Open (Open)
CAT II	V-223300	The Local Machine Zone Lockdown Security must be enabled in all Office programs.	Open (Open)
CAT II	V-223301	The MIME Sniffing safety feature must be enabled in all Office programs.	Open (Open)
CAT II	V-223303	Object Caching Protection must be enabled in all Office programs.	Open (Open)
CAT II	V-223311	VBA Macros not digitally signed must be blocked in Excel.	Open (Open)
CAT II	V-223323	Open/save of Excel 95 workbooks must be blocked.	Open (Open)
CAT II	V-223324	Open/save of Excel 95-97 workbooks and templates must be blocked.	Open (Open)
CAT II	V-223377	VBA Macros not digitally signed must be blocked in PowerPoint.	Open (Open)
CAT II	V-223408	Open/Save of Word 2000 binary documents and templates must be blocked.	Open (Open)
CAT II	V-223412	Open/Save of Word 95 binary documents and templates must be blocked.	Open (Open)
CAT II	V-223413	Open/Save of Word 97 binary documents and templates must be blocked.	Open (Open)
CAT II	V-223414	Open/Save of Word XP binary documents and templates must be blocked.	Open (Open)
CAT II	V-223417	VBA Macros not digitally signed must be blocked in Word.	Open (Open)
CAT II	V-278355	Sending of diagnostic data to Microsoft must be disabled.	Open (Open)

MONT-SW-89108

Microsoft DotNet Framework 4.0 Security Technical Implementation Guide MONT-SW-89108_DotNET4_V2R7_20251217-202821.ckl

Edit 1 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-225238	Update and configure the .NET Framework to support TLS.	Open (Open)

MONT-SW-89108

Google Chrome Current Windows Security Technical Implementation Guide MONT-SW-89108_Chrome_V2R11_20251217-202759.ckl

Edit 6 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-275780	Create Themes with AI must be disabled.	Open (Open)
CAT II	V-275781	DevTools Generative AI features must be disabled.	Open (Open)
CAT II	V-275782	GenAI local foundational model must be disabled.	Open (Open)
CAT II	V-275783	Help Me Write must be disabled.	Open (Open)
CAT II	V-275784	AI-powered History Search must be disabled.	Open (Open)
CAT II	V-275785	Tab Compare Settings must be disabled.	Open (Open)

MONT-SW-89108 Outdated: V3R5

Microsoft Office 365 ProPlus Security Technical Implementation Guide MONT-SW-89108_MSOffice365_V3R4_20251217-202911.ckl

Edit 4 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-278356	Connected experiences that analyze content must be disabled.	Open (Open)
CAT II	V-278357	Connected experiences that download online content must be disabled.	Open (Open)
CAT II	V-278358	Additional optional connected experiences must be disabled.	Open (Open)
CAT II	V-278359	Connected experiences must be disabled.	Open (Open)

MONT-SW-89134

Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide MONT-SW-89134_AdobeReaderDCContinuous_V2R1_20251217-200921.ckl

Edit 1 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-213193	Adobe Reader DC must enable FIPS mode.	Open (Open)

MONT-SW-89134

Microsoft Windows 10 Security Technical Implementation Guide MONT-SW-89134_Win10_V3R5_20251217-201218.ckl

Edit 11 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-220705	The operating system must employ a deny-all, permit-by-exception policy to allow...	Open (Open)
CAT II	V-220716	Accounts must be configured to require password expiration.	Open (Open)
CAT II	V-220903	The DoD Root CA certificates must be installed in the Trusted Root Store.	Open (Open)
CAT II	V-220952	Passwords for enabled local Administrator accounts must be changed at least ever...	Open (Open)
CAT II	V-278918	Windows 10 must be configured to audit file system failures.	Open (Open)
CAT II	V-278919	Windows 10 must be configured to audit file system successes.	Open (Open)
CAT II	V-278920	Windows 10 must be configured to audit handle manipulation failures.	Open (Open)
CAT II	V-278921	Windows 10 must be configured to audit handle manipulation successes.	Open (Open)
CAT II	V-278922	Windows 10 must be configured to audit registry successes.	Open (Open)
CAT II	V-278923	Windows 10 must be configured to audit registry failures.	Open (Open)
CAT III	V-220711	Unused accounts must be disabled or removed from the system after 35 days of ina...	Open (Open)

MONT-SW-89134

Microsoft Office 365 ProPlus Security Technical Implementation Guide MONT-SW-89134_MSOffice365_V3R4_20251217-201101.ckl

Edit 16 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-223280	Macros must be blocked from running in Access files from the Internet.	Open (Open)
CAT II	V-223297	Consistent MIME handling must be enabled for all Office 365 ProPlus programs.	Open (Open)
CAT II	V-223299	The Information Bar must be enabled in all Office programs.	Open (Open)
CAT II	V-223300	The Local Machine Zone Lockdown Security must be enabled in all Office programs.	Open (Open)
CAT II	V-223301	The MIME Sniffing safety feature must be enabled in all Office programs.	Open (Open)
CAT II	V-223303	Object Caching Protection must be enabled in all Office programs.	Open (Open)
CAT II	V-223311	VBA Macros not digitally signed must be blocked in Excel.	Open (Open)
CAT II	V-223323	Open/save of Excel 95 workbooks must be blocked.	Open (Open)
CAT II	V-223324	Open/save of Excel 95-97 workbooks and templates must be blocked.	Open (Open)
CAT II	V-223377	VBA Macros not digitally signed must be blocked in PowerPoint.	Open (Open)
CAT II	V-223408	Open/Save of Word 2000 binary documents and templates must be blocked.	Open (Open)
CAT II	V-223412	Open/Save of Word 95 binary documents and templates must be blocked.	Open (Open)
CAT II	V-223413	Open/Save of Word 97 binary documents and templates must be blocked.	Open (Open)
CAT II	V-223414	Open/Save of Word XP binary documents and templates must be blocked.	Open (Open)
CAT II	V-223417	VBA Macros not digitally signed must be blocked in Word.	Open (Open)
CAT II	V-278355	Sending of diagnostic data to Microsoft must be disabled.	Open (Open)

MONT-SW-89134

Microsoft DotNet Framework 4.0 Security Technical Implementation Guide MONT-SW-89134_DotNET4_V2R7_20251217-201000.ckl

Edit 1 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-225238	Update and configure the .NET Framework to support TLS.	Open (Open)

MONT-SW-89134

Google Chrome Current Windows Security Technical Implementation Guide MONT-SW-89134_Chrome_V2R11_20251217-200930.ckl

Edit 6 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-275780	Create Themes with AI must be disabled.	Open (Open)
CAT II	V-275781	DevTools Generative AI features must be disabled.	Open (Open)
CAT II	V-275782	GenAI local foundational model must be disabled.	Open (Open)
CAT II	V-275783	Help Me Write must be disabled.	Open (Open)
CAT II	V-275784	AI-powered History Search must be disabled.	Open (Open)
CAT II	V-275785	Tab Compare Settings must be disabled.	Open (Open)

MONT-SW-89134 Outdated: V3R5

Microsoft Office 365 ProPlus Security Technical Implementation Guide MONT-SW-89134_MSOffice365_V3R4_20251217-201101.ckl

Edit 4 open

Severity	Vuln ID	Rule Title	Status
CAT II	V-278356	Connected experiences that analyze content must be disabled.	Open (Open)
CAT II	V-278357	Connected experiences that download online content must be disabled.	Open (Open)
CAT II	V-278358	Additional optional connected experiences must be disabled.	Open (Open)
CAT II	V-278359	Connected experiences must be disabled.	Open (Open)

MONT-SW-89108

Microsoft Edge Security Technical Implementation Guide MONT-SW-89108_MSEdge_V2R3_20251217-202829.ckl

Edit 1 open

Severity	Vuln ID	Rule Title	Status
CAT III	V-235719	User control of proxy settings must be disabled.	Open (Open)

MONT-SW-89134

Microsoft Edge Security Technical Implementation Guide MONT-SW-89134_MSEdge_V2R3_20251217-201011.ckl

Edit 1 open

Severity	Vuln ID	Rule Title	Status
CAT III	V-235719	User control of proxy settings must be disabled.	Open (Open)

1458

Total Findings

Open

1381

Closed/Remediated