Checklist Details for Microsoft .NET Framework 4 Version 1, Release 2

(Archived Revisions)

Checklist Highlights

Checklist Name:
Microsoft .NET Framework 4
Version:
Version 1, Release 2
Tier:
III
Review Status:
Final
Authority:
Governmental Authority: Defense Information Systems Agency
Target Product:
Target Product CPE Name Product Category
Microsoft .NET Framework 4.0 cpe:/a:microsoft:.net_framework:4.0 (View CVEs)
  • Application Server
Checklist Summary:
The Microsoft .NET Framework 4.0 Security Technical Implementation Guide (STIG) provides guidance for secure configuration and usage of Microsoft's .NET Framework version 4.0. The STIG provides security guidance for .NET deployments in workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR). This overview document gives technology-specific background and information on conducting a security review for .NET Framework Version 4.0. Previous versions of .NET are not addressed specifically, although some of the information may significantly overlap with previous versions. This section provides background information on the Microsoft .NET 4.0 Framework and discusses general security considerations involved with using this technology. This overview document is not intended as a comprehensive source of information on .NET. Microsoft and other authors have produced documentation available for reference. Additionally, this STIG is not intended as a tutorial or training tool for inexperienced SAs. Since .NET is part of an application development and runtime architecture, knowledge of how .NET applications function, the Windows OS and application development techniques and programming issues is a prerequisite to understanding how to use the .NET STIG requirements.
Checklist Role:
  • Application Server
Known Issues:
Not provided.
Target Audience:
This document is a requirement for all DoD-administered systems and all systems connected to DoD networks. These requirements are designed to assist System Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and Systems Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD system design, development, implementation, certification, and accreditation efforts.
Target Operational Environment:
  • Managed
  • Specialized Security-Limited Functionality (SSLF)
Testing Information:
Microsoft's .NET Framework version 4.0
Regulatory Compliance:
Not provided.
Comments/Warnings/Miscellaneous:
Comments or proposed revisions to this document should be sent via email to disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil. DISA FSO will coordinate all change requests with the relevant DoD organizations before inclusion in this document.
Disclaimer:
Not provided.
Product Support:
FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers via email at: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil
Point of Contact:
disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil
Sponsor:
DoD
Licensing:
Not provided.
Change History:
Version 1, Release 1 - 5 April 2013
Version 1, Release 1 - 10 August 2012

NIST checklist record last modified on 05/06/2013