| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-268319 | CAT II | MONT-WS-92040 | Microsoft Windows 10 Security Technical ... | Windows 10 systems must use either Group Policy or... | - | |||
Check TextVerify the Windows 10 system is receiving policy from either Group Policy or an MDM with the following steps: From a command line or PowerShell: gpresult /R OS Configuration: Member Workstation If the system is not being managed by GPO, ask the administrator to indicate which MDM is managing the device. From PowerShell: Get-Service -Name "IntuneManagementExtension" If the Windows 10 system is not receiving policy from either Group Policy or an MDM, this is a finding. This is NA for standalone, nondomain-joined systems. Fix TextConfigure the Windows 10 system to use either Group Policy or an approved MDM product to enforce STIG compliance. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EE3C41B079CD55070D61693A3A80148AC172FB2D ~~~~~ OS Configuration: Member Workstation GPOs applied to the system... --------------------------- Name: AR2.1-Disable SmartScreen GPO CRQ#200000 UniqueID: {BDCF3DB0-ED6B-4CFD-A3DE-A0EE39CFF553} AppliedOrder: 24 Enabled: True Enforced: True SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Adobe Reader DC Continuous protected view MAR2022 UniqueID: {73FB4C08-5E4E-4613-9C92-A1935473C0B8} AppliedOrder: 23 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Axway Configuration UniqueID: {9A2E7FFB-86B0-4C62-BFC8-6E7AC786A1ED} AppliedOrder: 22 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - RBAC UniqueID: {88602F3D-3A9F-4447-934A-2DDE7E6AC06D} AppliedOrder: 21 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - BitLocker Backup to Active Directory UniqueID: {13CF8084-13EC-427B-9CAB-F3243723B027} AppliedOrder: 20 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Windows 10 v2r1 Computer UniqueID: {633BF66A-4F82-4562-A78F-EEFA83686F95} AppliedOrder: 19 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Google Chrome FIX FEB2022 UniqueID: {4077A504-B830-4B59-868A-35847B93E9C6} AppliedOrder: 18 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Edge FIX FEB2022 UniqueID: {003A4B00-8A6C-4430-82C7-EB242F312734} AppliedOrder: 17 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Mozilla Firefox FIX FEB2022 UniqueID: {5464EA36-F45C-4BE0-89E6-A0043741FA96} AppliedOrder: 16 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Microsoft Edge v1r1 Computer UniqueID: {0DF1B468-68C7-4E60-BD66-971FBBABB95A} AppliedOrder: 15 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Google Chrome V2R1 - Computer UniqueID: {466A3169-B8B0-4E46-BC61-6CA031284F5E} AppliedOrder: 14 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Disable Sleep/Hibernate UniqueID: {35D3D931-A7DC-4B8B-9BE0-A67CFBD6268D} AppliedOrder: 13 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Internet Explorer 11 V1R19 - Computer UniqueID: {3C3C67E4-A139-4561-AF7B-D5AC7CAE2AD1} AppliedOrder: 12 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Microsoft Office 2016 - Office System V1R1 Computer UniqueID: {5AD817C7-2BBB-40FA-B6CE-AD8AC845A998} AppliedOrder: 11 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: DoD Adobe Acrobat Pro DC Continuous STIG Computer V1R2 UniqueID: {A1C7DDFF-5F74-49B9-9AC2-F92D1735189A} AppliedOrder: 10 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: Time Service 5-22 UniqueID: {C692EDD4-18D1-4698-AFE9-226C60EF20D2} AppliedOrder: 9 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Workstation Admins - Add Local UniqueID: {A9EC0F9B-D4F9-46EC-921D-9172267D8C09} AppliedOrder: 8 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Adobe Disable FIPS UniqueID: {6FAF5E3A-CAF7-4AC5-A9B3-201DB0CA8011} AppliedOrder: 7 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR 2.1 - LAPS Configuration Policy UniqueID: {446E9640-684E-4528-A16F-A72F31B95B67} AppliedOrder: 6 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: Default Domain Policy UniqueID: {31B2F340-016D-11D2-945F-00C04FB984F9} AppliedOrder: 5 Enabled: True Enforced: False SourceOU: DC=MONTFORD-POINT,DC=navy,DC=mil Name: Domain User Pol Adds 04-22 UniqueID: {0AB94EFD-80CB-4182-8BE0-4D5C77808FAD} AppliedOrder: 4 Enabled: True Enforced: False SourceOU: DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Disable print spooler inbound UniqueID: {57995639-3CC1-481E-871D-B60D68B54F2A} AppliedOrder: 3 Enabled: True Enforced: False SourceOU: DC=MONTFORD-POINT,DC=navy,DC=mil Name: IE11 STIG V2R1 4-22 UniqueID: {FF4CF530-57BD-4651-8020-451CF511BF99} AppliedOrder: 2 Enabled: True Enforced: False SourceOU: DC=MONTFORD-POINT,DC=navy,DC=mil Name: UniqueID: AppliedOrder: 1 Enabled: True Enforced: False SourceOU: Local
Source: _Reviewed/MONT-WS-92040/Checklist/MONT-WS-92040_Win10_V3R4_20251023-142421.ckl
Scan Date: 2026-01-14T12:57:26.690022
Technology Area: Windows Operating System
|
||||||||
| V-268319 | CAT II | MONT-WS-92010 | Microsoft Windows 10 Security Technical ... | Windows 10 systems must use either Group Policy or... | - | |||
Check TextVerify the Windows 10 system is receiving policy from either Group Policy or an MDM with the following steps: From a command line or PowerShell: gpresult /R OS Configuration: Member Workstation If the system is not being managed by GPO, ask the administrator to indicate which MDM is managing the device. From PowerShell: Get-Service -Name "IntuneManagementExtension" If the Windows 10 system is not receiving policy from either Group Policy or an MDM, this is a finding. This is NA for standalone, nondomain-joined systems. Fix TextConfigure the Windows 10 system to use either Group Policy or an approved MDM product to enforce STIG compliance. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EE3C41B079CD55070D61693A3A80148AC172FB2D ~~~~~ OS Configuration: Member Workstation GPOs applied to the system... --------------------------- Name: AR2.1-Disable SmartScreen GPO CRQ#200000 UniqueID: {BDCF3DB0-ED6B-4CFD-A3DE-A0EE39CFF553} AppliedOrder: 24 Enabled: True Enforced: True SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Adobe Reader DC Continuous protected view MAR2022 UniqueID: {73FB4C08-5E4E-4613-9C92-A1935473C0B8} AppliedOrder: 23 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Axway Configuration UniqueID: {9A2E7FFB-86B0-4C62-BFC8-6E7AC786A1ED} AppliedOrder: 22 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - RBAC UniqueID: {88602F3D-3A9F-4447-934A-2DDE7E6AC06D} AppliedOrder: 21 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - BitLocker Backup to Active Directory UniqueID: {13CF8084-13EC-427B-9CAB-F3243723B027} AppliedOrder: 20 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Windows 10 v2r1 Computer UniqueID: {633BF66A-4F82-4562-A78F-EEFA83686F95} AppliedOrder: 19 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Google Chrome FIX FEB2022 UniqueID: {4077A504-B830-4B59-868A-35847B93E9C6} AppliedOrder: 18 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Edge FIX FEB2022 UniqueID: {003A4B00-8A6C-4430-82C7-EB242F312734} AppliedOrder: 17 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Mozilla Firefox FIX FEB2022 UniqueID: {5464EA36-F45C-4BE0-89E6-A0043741FA96} AppliedOrder: 16 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Microsoft Edge v1r1 Computer UniqueID: {0DF1B468-68C7-4E60-BD66-971FBBABB95A} AppliedOrder: 15 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Google Chrome V2R1 - Computer UniqueID: {466A3169-B8B0-4E46-BC61-6CA031284F5E} AppliedOrder: 14 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Disable Sleep/Hibernate UniqueID: {35D3D931-A7DC-4B8B-9BE0-A67CFBD6268D} AppliedOrder: 13 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Internet Explorer 11 V1R19 - Computer UniqueID: {3C3C67E4-A139-4561-AF7B-D5AC7CAE2AD1} AppliedOrder: 12 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Microsoft Office 2016 - Office System V1R1 Computer UniqueID: {5AD817C7-2BBB-40FA-B6CE-AD8AC845A998} AppliedOrder: 11 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: DoD Adobe Acrobat Pro DC Continuous STIG Computer V1R2 UniqueID: {A1C7DDFF-5F74-49B9-9AC2-F92D1735189A} AppliedOrder: 10 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: Time Service 5-22 UniqueID: {C692EDD4-18D1-4698-AFE9-226C60EF20D2} AppliedOrder: 9 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Workstation Admins - Add Local UniqueID: {A9EC0F9B-D4F9-46EC-921D-9172267D8C09} AppliedOrder: 8 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Adobe Disable FIPS UniqueID: {6FAF5E3A-CAF7-4AC5-A9B3-201DB0CA8011} AppliedOrder: 7 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR 2.1 - LAPS Configuration Policy UniqueID: {446E9640-684E-4528-A16F-A72F31B95B67} AppliedOrder: 6 Enabled: True Enforced: False SourceOU: OU=COMPUTERS,OU=MONTFORD-POINT,DC=MONTFORD-POINT,DC=navy,DC=mil Name: Default Domain Policy UniqueID: {31B2F340-016D-11D2-945F-00C04FB984F9} AppliedOrder: 5 Enabled: True Enforced: False SourceOU: DC=MONTFORD-POINT,DC=navy,DC=mil Name: Domain User Pol Adds 04-22 UniqueID: {0AB94EFD-80CB-4182-8BE0-4D5C77808FAD} AppliedOrder: 4 Enabled: True Enforced: False SourceOU: DC=MONTFORD-POINT,DC=navy,DC=mil Name: AR21 - Disable print spooler inbound UniqueID: {57995639-3CC1-481E-871D-B60D68B54F2A} AppliedOrder: 3 Enabled: True Enforced: False SourceOU: DC=MONTFORD-POINT,DC=navy,DC=mil Name: IE11 STIG V2R1 4-22 UniqueID: {FF4CF530-57BD-4651-8020-451CF511BF99} AppliedOrder: 2 Enabled: True Enforced: False SourceOU: DC=MONTFORD-POINT,DC=navy,DC=mil Name: UniqueID: AppliedOrder: 1 Enabled: True Enforced: False SourceOU: Local
Source: _Reviewed/MONT-WS-92010/Checklist/MONT-WS-92010_Win10_V3R4_20251023-141133.ckl
Scan Date: 2026-01-14T12:57:28.689048
Technology Area: Windows Operating System
|
||||||||
| V-268319 | CAT II | MONT-SW-89108 | Microsoft Windows 10 Security Technical ... | Windows 10 systems must use either Group Policy or... | - | |||
Check TextVerify the Windows 10 system is receiving policy from either Group Policy or an MDM with the following steps: From a command line or PowerShell: gpresult /R OS Configuration: Member Workstation If the system is not being managed by GPO, ask the administrator to indicate which MDM is managing the device. From PowerShell: Get-Service -Name "IntuneManagementExtension" If the Windows 10 system is not receiving policy from either Group Policy or an MDM, this is a finding. This is NA for standalone, nondomain-joined systems. Fix TextConfigure the Windows 10 system to use either Group Policy or an approved MDM product to enforce STIG compliance. Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA.
Source: MONT-SW-89108_Win10_V3R5_20251217-203019.ckl
Scan Date: 2026-03-04T15:25:16.342077
Technology Area: Windows Operating System
|
||||||||
| V-268319 | CAT II | MONT-SW-89134 | Microsoft Windows 10 Security Technical ... | Windows 10 systems must use either Group Policy or... | - | |||
Check TextVerify the Windows 10 system is receiving policy from either Group Policy or an MDM with the following steps: From a command line or PowerShell: gpresult /R OS Configuration: Member Workstation If the system is not being managed by GPO, ask the administrator to indicate which MDM is managing the device. From PowerShell: Get-Service -Name "IntuneManagementExtension" If the Windows 10 system is not receiving policy from either Group Policy or an MDM, this is a finding. This is NA for standalone, nondomain-joined systems. Fix TextConfigure the Windows 10 system to use either Group Policy or an approved MDM product to enforce STIG compliance. Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA.
Source: MONT-SW-89134_Win10_V3R5_20251217-201218.ckl
Scan Date: 2026-03-04T15:25:42.339596
Technology Area: Windows Operating System
|
||||||||