National Vulnerability Database

Microsoft .Net Framework 4 STIG Ver 1, Rel 4 Checklist Details (Checklist Revisions)

SCAP 1.1 Content:

Supporting Resources:


Target CPE Name Product Category
Microsoft .NET Framework cpe:/a:microsoft:.net_framework (View CVEs)
  • Application Server

Checklist Highlights

Checklist Name:
Microsoft .Net Framework 4 STIG
Checklist ID:
Ver 1, Rel 4
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
Checklist Group:

Checklist Summary:

The Microsoft .NET Framework 4.0 Security Technical Implementation Guide (STIG) provides guidance for secure configuration and usage of Microsoft’s .NET Framework version 4.0. The STIG provides security guidance for .NET deployments in workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR). This overview document gives technology-specific background and information on conducting a security review for .NET Framework Version 4.0. Previous versions of .NET are not addressed specifically, although some of the information may significantly overlap with previous versions. All STIGs are available on the Information Assurance Support Environment (IASE) web site:

Checklist Role:

  • Business Productivity Application

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Instruction (DoDI) 8500.01 requires that "all IT that receives, processes, stores, displays, or transmits DoD information will be […] configured […] consistent with applicable DoD cybersecurity policies, standards, and architectures" and tasks that Defense Information Systems Agency (DISA) "develops and maintains control correlation identifiers (CCIs), security requirements guides (SRGs), security technical implementation guides (STIGs), and mobile code risk categories and usage guides that implement and are consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures, with the support of the NSA/CSS, using input from stakeholders, and using automation whenever possible." This document is provided under the authority of DoDI 8500.01.


Not provided.


Not provided.

Product Support:

Parties within the DoD and Federal Government's computing environments can obtain the applicable STIG from the Information Assurance Support Environment (IASE) website. This site contains the latest copies of any STIGs, SRGs, and other related security information. The address for the IASE site is

Point of Contact:

Comments or proposed revisions to this document should be sent via email to the following address: DISA will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.


Not provided.


Not provided.

Change History:

Moved to FINAL - 03/30/2018


URL Description


Reference URL Description Microsoft .Net Framework Security Checklist - Ver 1, Rel 3

NIST checklist record last modified on 03/30/2018