Microsoft DotNet Framework 4.0 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The .NET CLR must be configured to use FIPS approved encryption modules.
<VulnDiscussion>FIPS encryption is configured via .NET configuration files. There are numerous configuration files that affect different asp...Rule Medium Severity -
SRG-APP-000175
<GroupDescription></GroupDescription>Group -
.NET must be configured to validate strong names on full-trust assemblies.
<VulnDiscussion>The "bypassTrustedAppStrongNames" setting specifies whether the bypass feature that avoids validating strong names for full-t...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
.Net applications that invoke NetFx40_LegacySecurityPolicy must apply previous versions of .NET STIG guidance.
<VulnDiscussion>CAS policy is .NET runtime version-specific. In .NET Framework version 4, CAS policy is disabled by default however; it can ...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules