The Windows PAW must be configured with a vendor-supported version of Windows 11 and applicable security patches that are DOD approved.
An XCCDF Rule
Description
<VulnDiscussion>Older versions of operating systems usually contain vulnerabilities that have been fixed in later released versions. In addition, most operating system patches contain fixes for recently discovered security vulnerabilities. Due to the highly privileged activities of a PAW, it must be maintained at the highest security posture possible and therefore must have one of the current vendor-supported operating system versions installed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-243447r991589_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Install one of the current vendor-supported versions of Windows 11 on site PAWs, including the most recently released patches.
Note: There is no central list in the DOD of "approved" operating system versions. The Microsoft website will list supported versions of Windows 11 and patches. If a STIG is available for one or more of the vendor-supported versions of Windows 11, the version can be considered to be DOD approved. Local AOs usually have implemented a procedure for testing Windows updates before they are deployed. Check with the local AO's staff to determine the latest approved version of Windows 11.