) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Microsoft .NET Framework 4 Version 2, Release 8 Checklist Details (Checklist Revisions)
SCAP 1.3 Content:
-
Download SCAP 1.3 Content - Microsoft DotNet Framework 4.0 STIG SCAP Benchmark - Ver 2, Rel 7
- Author: Defense Information Systems Agency
Supporting Resources:
-
Download Standalone XCCDF 1.1.4 - Microsoft DotNet Framework 4.0 STIG - Ver 2, Rel 8
- Defense Information Systems Agency
-
Download Automated Content - SCC 5.14 Windows
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
- Defense Information Systems Agency
Target:
| Target | CPE Name |
|---|---|
| Microsoft .NET Framework 4.0 | cpe:/a:microsoft:.net_framework:4.0 (View CVEs) |
Checklist Highlights
- Checklist Name:
- Microsoft .NET Framework 4
- Checklist ID:
- 432
- Version:
- Version 2, Release 8
- Type:
- Compliance
- Review Status:
- Final
- Authority:
- Governmental Authority: Defense Information Systems Agency
- Original Publication Date:
- 04/22/2016
Checklist Summary:
The Microsoft .NET Framework 4.0 Security Technical Implementation Guide (STIG) provides guidance for secure configuration and usage of Microsoft's .NET Framework version 4.0. The STIG provides security guidance for .NET deployments in workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR). This overview document gives technology-specific background and information on conducting a security review for .NET Framework Version 4.0. Previous versions of .NET are not addressed specifically, although some of the information may significantly overlap with previous versions. This section provides background information on the Microsoft .NET 4.0 Framework and discusses general security considerations involved with using this technology. This overview document is not intended as a comprehensive source of information on .NET. Microsoft and other authors have produced documentation available for reference. Additionally, this STIG is not intended as a tutorial or training tool for inexperienced SAs. Since .NET is part of an application development and runtime architecture, knowledge of how .NET applications function, the Windows OS and application development techniques and programming issues is a prerequisite to understanding how to use the .NET STIG requirements.
Checklist Role:
- Application Server
Known Issues:
Not provided.
Target Audience:
Not provided.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Microsoft's .NET Framework version 4.0
Regulatory Compliance:
Not provided.
Comments/Warnings/Miscellaneous:
Comments or proposed revisions to this document should be sent via email to the following address: [email protected]. DISA will coordinate all change requests with the relevant DOD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.
Disclaimer:
Not provided.
Product Support:
Not provided.
Point of Contact:
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
Dependency/Requirements:
| URL | Description |
|---|
References:
| Reference URL | Description |
|---|