| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-225230 | CAT II | SCHR-P3-DP-001 | Microsoft DotNet Framework 4.0 Security ... | The .NET CLR must be configured to use FIPS approv... | - | |||
Check TextExamine the .NET CLR configuration files from the vulnerability discussion to find the runtime element and then the "enforceFIPSPolicy" element. Example: <configuration> <runtime> <enforceFIPSPolicy enabled="true|false" /> </runtime> </configuration> By default, the .NET "enforceFIPSPolicy" element is set to "true". If the "enforceFIPSPolicy" element does not exist within the "runtime" element of the CLR configuration, this is not a finding. If the "enforceFIPSPolicy" element exists and is set to "false", and the IAO has not accepted the risk and documented the risk acceptance, this is a finding. Fix TextExamine the .NET CLR configuration files to find the runtime element and then the "enforceFIPSPolicy" element. Example: <configuration> <runtime> <enforceFIPSPolicy enabled="true|false" /> </runtime> </configuration> Delete the "enforceFIPSPolicy" runtime element, change the setting to "true" or there must be documented IAO approvals for the FIPS setting. Finding DetailsEvaluate-STIG 1.2601.0 (Scan-NETFramework4_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 665ECD2BE03F9086D5C3B003C3B3238D2C474D25 ~~~~~ No machine.config or *.exe.config files found with 'enforceFIPSPolicy enabled=false'.
Source: SCHR-P3-DP-001_DotNET4_V2R7_20260305-132722.cklb
Scan Date: 2026-03-12T15:38:14.388995
Technology Area: Windows Operating System
|
||||||||