This is a potential security issue, you are being redirected to https://ncp.nist.gov
|Microsoft .NET Framework 4.0||cpe:/a:microsoft:.net_framework:4.0 (View CVEs)|
The Microsoft .NET Framework 4.0 Security Technical Implementation Guide (STIG) provides guidance for secure configuration and usage of Microsoft's .NET Framework version 4.0. The STIG provides security guidance for .NET deployments in workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR). This overview document gives technology-specific background and information on conducting a security review for .NET Framework Version 4.0. Previous versions of .NET are not addressed specifically, although some of the information may significantly overlap with previous versions. This section provides background information on the Microsoft .NET 4.0 Framework and discusses general security considerations involved with using this technology. This overview document is not intended as a comprehensive source of information on .NET. Microsoft and other authors have produced documentation available for reference. Additionally, this STIG is not intended as a tutorial or training tool for inexperienced SAs. Since .NET is part of an application development and runtime architecture, knowledge of how .NET applications function, the Windows OS and application development techniques and programming issues is a prerequisite to understanding how to use the .NET STIG requirements.
This document is a requirement for all DoD-administered systems and all systems connected to DoD networks. These requirements are designed to assist System Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and Systems Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD system design, development, implementation, certification, and accreditation efforts.
Microsoft's .NET Framework version 4.0
Comments or proposed revisions to this document should be sent via email to email@example.com. DISA FSO will coordinate all change requests with the relevant DoD organizations before inclusion in this document.
FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers via email at: firstname.lastname@example.org
Version 1, Release 2 - 24 January 2014 (XCCDF only) Version 1, Release 1 - 5 April 2013 (Benchmark) Version 1, Release 1 - 10 August 2012 Version 1, Release 3 Benchmark - 30 October 2015 Changed status from "Under Review" to "Final" - 29 December 2015 4/27/2016 - version 1 release 3 moved to FINAL - 6/7/2016 null Updated URL to reflect change to the DISA website - http --> https Updated to V1, R4 - 1/26/18 Updated to FINAL - 2/27/2018 updated to Ver 1, Rel 5 - 7/24/18 Updated to FINAL - 8/24/18 Updated to Version 1, Release 6 - 10/25/18 Updated to FINAL - 11/26/18 updated to v1,r7 - 4/30/2019 Corrected SHA - 5/2/19 Updated to FINAL - 6/4/19 Updated URLs - 6/6/19 Updated URLs - 6/25/19 Updated URL - 8/15/19 updated URLs - 11/1/19 updated benchmark - 4/24/2020 Updated benchmark- 8/3/2020 Updated resources per DISA - 1/26/21 null added SCC links per DISA guidance - 4/20/2021 Updated resources per DISA - 5/25/21 updated SCC Tool per DISA - 9/16/2021