STIGQter STIGQter: STIG Summary: Windows 10 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

The Server Message Block (SMB) v1 protocol must be disabled on the system.

DISA Rule

SV-220729r569187_rule

Vulnerability Number

V-220729

Group Title

SRG-OS-000095-GPOS-00049

Rule Version

WN10-00-000160

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Disable the SMBv1 protocol.

Run "Windows PowerShell" with elevated privileges (run as administrator).

Enter the following:
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

Alternately:
Search for "Features".

Select "Turn Windows features on or off".

De-select "SMB 1.0/CIFS File Sharing Support".

Check Contents

Different methods are available to disable SMBv1 on Windows 10. This is the preferred method, however if V-74723 and V-74725 are configured, this is NA.

Run "Windows PowerShell" with elevated privileges (run as administrator).

Enter the following:
Get-WindowsOptionalFeature -Online | Where FeatureName -eq SMB1Protocol

If "State : Enabled" is returned, this is a finding.

Alternately:
Search for "Features".

Select "Turn Windows features on or off".

If "SMB 1.0/CIFS File Sharing Support" is selected, this is a finding.

Vulnerability Number

V-220729

Documentable

False

Rule Version

WN10-00-000160

Severity Override Guidance

Different methods are available to disable SMBv1 on Windows 10. This is the preferred method, however if V-74723 and V-74725 are configured, this is NA.

Run "Windows PowerShell" with elevated privileges (run as administrator).

Enter the following:
Get-WindowsOptionalFeature -Online | Where FeatureName -eq SMB1Protocol

If "State : Enabled" is returned, this is a finding.

Alternately:
Search for "Features".

Select "Turn Windows features on or off".

If "SMB 1.0/CIFS File Sharing Support" is selected, this is a finding.

Check Content Reference

M

Target Key

4072

Comments