USNS MONTFORD POINT - Findings

Showing 12 of 12 findings (filtered) View Documentation Status (90 tracked)

Vuln ID	Severity	Asset	STIG	Title	Doc Status
V-225232	CAT III	MONT-WS-92040	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: _Reviewed/MONT-WS-92040/Checklist/MONT-WS-92040_DotNET4_V2R7_20251023-142306.ckl Scan Date: 2026-01-14T12:57:25.530570 Technology Area: Windows Operating System
V-225232	CAT III	MONT-WS-92010	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: _Reviewed/MONT-WS-92010/Checklist/MONT-WS-92010_DotNET4_V2R7_20251023-141005.ckl Scan Date: 2026-01-14T12:57:27.786540 Technology Area: Windows Operating System
V-225232	CAT III	MONT-VSF-004	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_DotNET4_V2R7_20251023-143711.ckl Scan Date: 2026-01-14T12:57:29.485524 Technology Area: Windows Operating System
V-225232	CAT III	MONT-VSF-003	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_DotNET4_V2R7_20251023-143732.ckl Scan Date: 2026-01-14T12:57:30.918773 Technology Area: Windows Operating System
V-225232	CAT III	MONT-MB-002	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_DotNET4_V2R7_20251023-152339.ckl Scan Date: 2026-01-14T12:57:32.355929 Technology Area: Windows Operating System
V-225232	CAT III	MONT-DP-001	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_DotNET4_V2R7_20251023-143731.ckl Scan Date: 2026-01-14T12:57:34.683670 Technology Area: Windows Operating System
V-225232	CAT III	MONT-DC-003	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_DotNET4_V2R7_20251023-171946.ckl Scan Date: 2026-01-14T12:57:36.663331 Technology Area: Windows Operating System
V-225232	CAT III	MONT-DB-002	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_DotNET4_V2R7_20251023-143930.ckl Scan Date: 2026-01-14T12:57:38.504147 Technology Area: Windows Operating System
V-225232	CAT III	MONT-BE-002	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_DotNET4_V2R7_20251023-143746.ckl Scan Date: 2026-01-14T12:57:39.853926 Technology Area: Windows Operating System
V-225232	CAT III	MONT-AP-002	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2507.5 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_DotNET4_V2R7_20251023-144010.ckl Scan Date: 2026-01-14T12:57:42.156893 Technology Area: Windows Operating System
V-225232	CAT III	MONT-SW-89108	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2510.0 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: MONT-SW-89108_DotNET4_V2R7_20251217-202821.ckl Scan Date: 2026-03-04T15:25:15.828600 Technology Area: Windows Operating System
V-225232	CAT III	MONT-SW-89134	Microsoft DotNet Framework 4.0 Security ...	.Net applications that invoke NetFx40_LegacySecuri...	-
Check Text The infrastructure to enable Code Access Security (CAS) exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Open Windows explorer and search for all .exe.config files. This requirement does not apply to the caspol.exe assembly or other assemblies provided with the Windows OS or the Windows Secure Host Baseline (SHB). To find relevant files, run the FINDSTR command from an elevated (admin) command prompt: FINDSTR /i /s "NetFx40_LegacySecurityPolicy" c:\.exe.config This command will search all ."exe.config" files on the c: drive partition for the "LegacySecurityPolicy" setting. Repeat the command for each drive partition on the system. If the .NET application configuration file uses the legacy policy element, and .NET STIG guidance that covers these legacy versions has not been applied, this is a finding. Fix Text The infrastructure to enable CAS exists only in .NET Framework 2.x - 4.x. The requirement is Not Applicable (NA) for .NET Framework > 4.x. (Note: The infrastructure is deprecated and is not receiving servicing or security fixes.) Apply the .NET Framework Security Checklist for .Net versions 1 through 3.5 when using the NetFx40_LegacySecurityPolicy setting. Finding Details Evaluate-STIG 1.2510.0 (Scan-NETFramework4_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 0E4360D1A69538A55E456743C4260C8FCE83E079 ~~~~~ Installed .NET version is '4.8'. This check only applies to .NET version 4.0 specifically so this requirement is NA. Source: MONT-SW-89134_DotNET4_V2R7_20251217-201000.ckl Scan Date: 2026-03-04T15:25:41.864254 Technology Area: Windows Operating System

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details

Check Text

Fix Text

Finding Details