- Defense Information Systems Agency Security Technical Implementation Guide.
- A set of cybersecurity configuration standards to secure IT systems and software.
- Reduce Vulnerabilities: Scan the system, locate the vulnerability, and remediate.
Vulnerability: STIG ID: WN10-CC-000145 - Users must be prompted for a password on resume from sleep (on battery).
Purpose: Data Execution Prevention (DEP) prevents harmful code from running in protected memory locations reserved for Windows and other programs.
-
Configure the policy value for Computer Configuration >> Administrative Templates >> System >> Power Management >> Sleep Settings >> 'Require a password when a computer wakes (on battery)' to 'Enabled'.
-
Click the link STIGS to view PowerShell Scripts to remediate Windows 10 DISA STIGs.
-
Scan the system again to confirm the STIG was remediated.
Automation: Use tools to scan, deploy, and validate patches across the environment. Prioritization: Patch the most critical vulnerabilities first, based on real-world risk. Integration: Align patch management with broader IT and security frameworks (e.g., NIST CSF, RMF). Communication: Ensure coordination across IT, security, risk, and business teams. Documentation: Maintain records of patch status, exceptions, and decisions for compliance and audits.