Checklist Summary:

The Microsoft .NET Framework 4.0 Security Technical Implementation Guide (STIG) provides guidance for secure configuration and usage of Microsoft's .NET Framework version 4.0. The STIG provides security guidance for .NET deployments in workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR). This overview document gives technology-specific background and information on conducting a security review for .NET Framework Version 4.0. Previous versions of .NET are not addressed specifically, although some of the information may significantly overlap with previous versions. This section provides background information on the Microsoft .NET 4.0 Framework and discusses general security considerations involved with using this technology. This overview document is not intended as a comprehensive source of information on .NET. Microsoft and other authors have produced documentation available for reference. Additionally, this STIG is not intended as a tutorial or training tool for inexperienced SAs. Since .NET is part of an application development and runtime architecture, knowledge of how .NET applications function, the Windows OS and application development techniques and programming issues is a prerequisite to understanding how to use the .NET STIG requirements.

Checklist Role:

• Application Server

Known Issues:

Not provided.

Target Audience:

This document is a requirement for all DoD-administered systems and all systems connected to DoD networks. These requirements are designed to assist System Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and Systems Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD system design, development, implementation, certification, and accreditation efforts.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Microsoft's .NET Framework version 4.0

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via email to disa.stig_spt@mail.mil. DISA FSO will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not provided.

Product Support:

FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers via email at: disa.stig_spt@mail.mil

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

DoD

Licensing:

Not provided.

Change History:

Version 1, Release 2 - 24 January 2014 (XCCDF only)
Version 1, Release 1 - 5 April 2013 (Benchmark)
Version 1, Release 1 - 10 August 2012
Version 1, Release 3 Benchmark - 30 October 2015
Changed status from "Under Review" to "Final" - 29 December 2015
4/27/2016 - version 1 release 3
moved to FINAL - 6/7/2016
null
Updated URL to reflect change to the DISA website - http --> https
Updated to V1, R4 - 1/26/18
Updated to FINAL - 2/27/2018
updated to Ver 1, Rel 5 - 7/24/18
Updated to FINAL - 8/24/18
Updated to Version 1, Release 6 - 10/25/18
Updated to FINAL - 11/26/18
updated to v1,r7 - 4/30/2019
Corrected SHA - 5/2/19
Updated to FINAL  - 6/4/19
Updated URLs - 6/6/19
Updated URLs - 6/25/19

Dependency/Requirements:

URL	Description
https://dl.dod.cyber.mil/wp-content/uploads/stigs/pdf/u_microsoft_net_framework_40_stig_v1_release_memo.pdf	Microsoft .NET Framework 4 Release Memo

References:

Reference URL	Description

NIST checklist record last modified on 06/25/2019