Windows 10 STIG Compliance & Remediation
Implemented a structured vulnerability management program, addressing critical vulnerabilities through STIG compliance using Tenable Nessus and automation scripts.
Technologies Used
Key Features
Project Overview
This project focused on implementing a systematic approach to Windows 10 STIG (Security Technical Implementation Guide) compliance in an Azure environment. I conducted initial vulnerability scanning using Tenable Nessus to identify security gaps, then developed and implemented PowerShell scripts to remediate high-priority vulnerabilities, significantly improving the security posture of the Windows 10 systems.
Technical Implementation
The remediation process followed a methodical workflow that included scanning with Tenable Nessus, identifying failed STIG items, and implementing fixes through automated PowerShell scripts. Key areas addressed included event log size configuration, disabling PowerShell 2.0, enforcing account lockout policies, implementing password complexity requirements, disabling AutoPlay/AutoRun functionality, configuring Data Execution Prevention (DEP), and disabling WDigest authentication to prevent credential theft. The project culminated in a significant reduction of STIG vulnerabilities, from 137 to 122 failed checks.