Back
🔒
Microsoft .NET Framework 4 Security Checklist
Medium
15 items
·
2 hours
testuser
Published 4 months ago
This checklist helps IT administrators and general users verify secure configuration of Microsoft .NET Framework 4.0 using DISA STIG guidance and best practices. Use it to patch, harden configs, run automated scans, and maintain ongoing audits for managed environments.
Progress
0 / 15
- Download DISA SCAP and XCCDF content for .NET 4 STIG — Get SCAP 1.3 and XCCDF packages from DISA for automated benchmarking.
- Run automated SCAP/SCC benchmark scan using XCCDF — Use SCC or your SCAP tool to evaluate hosts against the .NET 4 STIG.
- Update .NET Framework 4 to latest security patches — Apply Microsoft's cumulative updates and security fixes for .NET 4.x.
- Scan and inventory hosts running .NET Framework 4.0 — Create an asset list of servers and workstations with .NET 4 installed.
- Uninstall or disable unused .NET components and legacy versions — Remove deprecated runtimes and features not required by applications.
- Review and harden machine.config and web.config — Check global and app configs for insecure defaults and debug settings.
- Remove debug and compilation debug settings — Ensure <compilation debug="false"> is set in production configs.
- Set customErrors to 'On' and configure error pages — Prevent detailed stack traces from being exposed to end users.
- Enforce appropriate trust levels and remove unnecessary fullTrust — Limit application trust and remove overly permissive policies.
- Enable strong cryptography (SchUseStrongCrypto) for .NET 4 — Set registry/machine.config flags to prefer TLS 1.2+ and strong ciphers.
- Enforce Code Access Security policies and disable unnecessary evidence — Harden CAS and reduce reliance on evidence-based trust where possible.
- Restrict assembly loading and verify assemblies are signed — Prevent untrusted assemblies by enforcing strong name and signature checks.
- Configure CLR and application logging and forward to SIEM — Enable .NET runtime, application errors, and security event forwarding.
- Backup .NET configuration files and document accepted exceptions — Store machine.config, web.config and change justifications in version control.
- Schedule regular audits and baseline comparisons for .NET security — Run periodic STIG scans and track deviations from the secure baseline.
Your Stats
🏆
0
Completed
📅
—
Last Done
⏱️
—
Last Time
Completion Rate
Items checked per run
⚡
—
Fastest Run
🔥
0
Streak
🚫
—
Most Skipped Step
🔄
0
Resets
📝 My Notes