Windows OS: Secure Boot must be enabled | EventSentry

PingSentry | Blog | System32 | GitHub | Free tools

Windows OS: Secure Boot must be enabled

e8bb4b60-e081-427e-924e-e99a1aacf387

When a PC starts, it first finds the operating system boot loader. PCs without Secure Boot simply run whatever boot loader is on the PC’s hard drive and there is no way for the PC to tell whether it’s a trusted operating system or a rootkit.

https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process

Remediation

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/secure-boot-isnt-configured-correctly-troubleshooting

Stig Server 2016: https://www.stigviewer.com/stig/windows_server_2016/2019-01-16/finding/V-90355
Server 2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2022-03-01/finding/V-205857
Stig Desktop Windows 10: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-77085
Stig Desktop Windows 11: https://www.stigviewer.com/stig/microsoft_windows_11/2022-06-24/finding/V-253257

Tags

stig-low-server stig-low-desktop compliance-desktop compliance-server security-server security-desktop desktop server