| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-NETFramework4_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: E28F7B07BF034968DDD074235F2D4C0EFC0E8F76 ~~~~~ Registry Path: HKLM:\SOFTWARE\Microsoft\.NETFramework Value Name: AllowStrongNameBypass Value: 0x00000000 (0) Type: REG_DWORD Registry Path: HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework Value Name: AllowStrongNameBypass Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
Check Text
If there is documented ISSO risk acceptance for development systems, this is not a finding. For 32 bit production systems: Use regedit to examine the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework” key. On 64-bit production systems: Use regedit to examine both the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework” and “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework” keys. If the "AllowStrongNameBypass" value does not exist, or if the “DWORD” value is set to “1”, this is a finding. Documentation must include a complete list of installed .Net applications, application versions, and acknowledgement that ISSO trusts each installed application. If application versions installed on the system do not match approval documentation, this is a finding.
Fix Text
For 32 bit production systems: Set “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AllowStrongNameBypass" to a “DWORD” value of “0”. On 64-bit production systems: Set “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\ AllowStrongNameBypass” and “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\ AllowStrongNameBypass” to a “DWORD” value of “0”. Or, obtain documented ISSO risk acceptance for each .Net application installed on the system. Approval documentation will include complete list of all installed .Net applications, application versions, and acknowledgement of ISSO trust of each installed application.