Microsoft DotNet Framework 4.0 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • .NET must be configured to validate strong names on full-trust assemblies.

    The "bypassTrustedAppStrongNames" setting specifies whether the bypass feature that avoids validating strong names for full-trust assemblies is enabled. By default the bypass feature is enabled in ...
    Rule Medium Severity
  • .Net applications that invoke NetFx40_LegacySecurityPolicy must apply previous versions of .NET STIG guidance.

    CAS policy is .NET runtime version-specific. In .NET Framework version 4, CAS policy is disabled by default; however, it can be re-enabled by using the NetFx40_LegacySecurityPolicy setting on a per...
    Rule Low Severity
  • Trust must be established prior to enabling the loading of remote code in .Net 4.

    In the .NET Framework version 3.5 and earlier versions, if an application assembly loaded code/objects from a remote location, that assembly would run partially trusted with a permissions grant set...
    Rule Medium Severity
  • .NET default proxy settings must be reviewed and approved.

    The .NET Framework can be configured to utilize a different proxy or altogether bypass the default proxy settings in the client's browser. This may lead to the framework using a proxy that is not ...
    Rule Low Severity
  • Event tracing for Windows (ETW) for Common Language Runtime events must be enabled.

    Event tracing captures information about applications utilizing the .NET CLR and the .NET CLR itself. This includes security oriented information, such as Strong Name and Authenticode verification....
    Rule Medium Severity
