An updated Windows 10 Security Technical Implementation Guide (STIG) is now available from DISA. You can download the files here.
Version 1, Release 14 contains the following revisions:
- V-63345 - Updated link to referenced NSA document.
- V-63367 - Updated local account exceptions, which vary depending on Windows 10 version.
- V-63579 - Updated with additional certificate. Added certificate expiration dates for reference.
- V-63583 - Added certificate expiration dates for reference.
- V-63587 - Added certificate expiration dates for reference.
- V-63589 - Updated with additional certificate. Added certificate expiration dates for reference.
- V-68849 - Removed references to EMET, no longer supported by Microsoft as of 31 July 2018.
- V-77083 - Raised severity of UEFI requirement from CAT III to CAT II. Removed older system compatibility note.
- Corrected typo of DEP to DoD in reference to the XML file for the following: V-77091, V-77095, V-77097, V-77101, V-77103.
V-77083 - Windows 10 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode, not Legacy BIOS.
The raised severity for V-77083 is a sharp poke for system administrators who haven't yet completed their BIOS-to-UEFI conversions. UEFI is required to take advantage of many other Windows 10-specific security technologies, so the conversion shouldn't be delayed too long. Of course, to convert from legacy BIOS, you'll likely have to convert system disks from Master Boot Record (MBR) to GUID Partition Table (GPT). The MBR2GPT.exe disk conversion utility can be used for this portion of the conversion.
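
One way to find out where a machine stands before the conversion is sketched below. This is an added example, not part of the STIG or of DISA's release notes: the function name `Get-UefiReadiness` and the output fields are hypothetical. It assumes an elevated PowerShell 5.1 session on a Windows 10 build that ships MBR2GPT.exe (version 1703 or later).

```powershell
#Requires -RunAsAdministrator
# Added example: report firmware mode and system-disk layout for V-77083 planning.
# Read-only: MBR2GPT is called with /validate only, so no disk is modified.

function Get-UefiReadiness {
    # BiosFirmwareType is Uefi or Bios for the currently running OS.
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # The disk carrying the system/boot partitions is the one a conversion targets.
    $disk = Get-Disk | Where-Object { $_.IsSystem -or $_.IsBoot } |
        Select-Object -First 1

    $validation = 'NotNeeded'
    $detail     = ''

    if ($null -eq $disk) {
        $validation = 'NoSystemDiskFound'
    }
    elseif ($firmware -ne 'Uefi' -and $disk.PartitionStyle -eq 'MBR') {
        if (Get-Command mbr2gpt.exe -ErrorAction SilentlyContinue) {
            # /allowFullOS lets the tool run outside Windows PE; /validate only
            # checks whether the disk layout can be converted.
            $detail = & mbr2gpt.exe /validate "/disk:$($disk.Number)" /allowFullOS 2>&1 |
                Out-String
            $validation = if ($LASTEXITCODE -eq 0) { 'Passed' } else { 'Failed' }
        }
        else {
            $validation = 'Mbr2GptNotPresent'
        }
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        FirmwareType      = "$firmware"
        RunningInUefiMode = ($firmware -eq 'Uefi')
        SystemDiskNumber  = if ($disk) { $disk.Number } else { $null }
        PartitionStyle    = if ($disk) { "$($disk.PartitionStyle)" } else { $null }
        Mbr2GptValidate   = $validation
        Mbr2GptOutput     = $detail.Trim()
    }
}

Get-UefiReadiness | Format-List
```

A `Passed` result only means the disk layout can be converted. After an actual `/convert`, the firmware itself still has to be switched from legacy to UEFI boot before the system will start from the GPT disk.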