V-220726
CAT IData Execution Prevention (DEP) must be configured to at least OptOut.
- Ships Affected
- 1
- Total Findings
- 2
- Open
- 2
- Closed
- 0
Check Text
Verify the DEP configuration.
Open a command prompt (cmd.exe) or PowerShell with elevated privileges (Run as administrator).
Enter "BCDEdit /enum {current}". (If using PowerShell "{current}" must be enclosed in quotes.)
If the value for "nx" is not "OptOut", this is a finding.
(The more restrictive configuration of "AlwaysOn" would not be a finding.)
Fix Text
Configure DEP to at least OptOut.
Note: Suspend BitLocker before making changes to the DEP configuration.
Open a command prompt (cmd.exe) or PowerShell with elevated privileges (Run as administrator).
Enter "BCDEDIT /set {current} nx OptOut". (If using PowerShell "{current}" must be enclosed in quotes.)
"AlwaysOn", a more restrictive selection, is also valid but does not allow applications that do not function properly to be opted out of DEP.
Opted out exceptions can be configured in the "System Properties".
Open "System" in Control Panel.
Select "Advanced system settings".
Click "Settings" in the "Performance" section.
Select the "Data Execution Prevention" tab.
Applications that are opted out are configured in the window below the selection "Turn on DEP for all programs and services except those I select:".
STIG Reference
- STIG
- Microsoft Windows 10 Security Technical Implementation Guide
- Version
- 3
- Release
- 4
- Rule ID
- SV-220726r958928_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-WS-92010/Checklist/MONT-WS-92010_Win10_V3R4_20251023-141133.ckl | Unassigned | 2026-01-14T12:57:28.689048 | View in Context | |
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-WS-92040/Checklist/MONT-WS-92040_Win10_V3R4_20251023-142421.ckl | Unassigned | 2026-01-14T12:57:26.690022 | View in Context |