Windows STIG Compliance Automation
Project Overview
A hands-on cybersecurity portfolio project demonstrating automated remediation of Windows 11 Security Technical Implementation Guide (STIG) findings using PowerShell. This project showcases vulnerability management, compliance automation, and infrastructure security skills through a structured methodology applied to 10 critical security controls.
Lab Environment
| Component | Details |
|---|---|
| Cloud Platform | Microsoft Azure |
| VM Access | Azure Bastion |
| Operating System | Windows 11 |
| Vulnerability Scanner | Tenable Vulnerability Management |
| Automation | PowerShell 5.1+ |
Methodology
Each STIG follows a repeatable 8-step remediation process:
| Step | Action | Purpose |
|---|---|---|
| 1 | Initial Scan | Identify failed STIG finding |
| 2 | Verify Current State | Document baseline configuration |
| 3 | Manual Remediation | Implement fix via GUI/native tools |
| 4 | Rescan | Confirm manual fix success |
| 5 | Undo Fix | Revert to failed state |
| 6 | Rescan | Confirm failure state restored |
| 7 | PowerShell Remediation | Automate the fix with script |
| 8 | Final Scan | Validate automated remediation |
Progress: 10 of 10 Complete (100%)
| # | STIG ID | Requirement | Status |
|---|---|---|---|
| 1 | WN11-AU-000500 | Application event log size (32768 KB) | ✅ Complete |
| 2 | WN11-AU-000510 | System event log size (32768 KB) | ✅ Complete |
| 3 | WN11-AU-000505 | Security event log size (1024000 KB) | ✅ Complete |
| 4 | WN11-CC-000038 | WDigest Authentication disabled | ✅ Complete |
| 5 | WN11-SO-000030 | Audit policy subcategories enabled | ✅ Complete |
| 6 | WN11-CC-000040 | Insecure SMB logons disabled | ✅ Complete |
| 7 | WN11-CC-000044 | Internet Connection Sharing disabled | ✅ Complete |
| 8 | WN11-CC-000065 | Wi-Fi Sense disabled | ✅ Complete |
| 9 | WN11-CC-000305 | Indexing of encrypted files disabled | ✅ Complete |
| 10 | WN11-CC-000325 | Automatic sign-in after restart disabled | ✅ Complete |
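As an added illustration of methodology steps 2, 5, 7 and 8 applied to STIGs 1 to 3 above, the following PowerShell script (written for this page, not the project's own remediation script) verifies the event log size policies, remediates any that are Open, and with `-Revert` removes the values again to reproduce the failed state. The registry locations are taken from the STIG check text rather than from this README, so confirm them against the current STIG release before relying on them.

```powershell
#Requires -RunAsAdministrator
# Added example, not the project's own script: verify, remediate, or revert
# the event log size policies for WN11-AU-000500/-000510/-000505.
# Registry paths are from the STIG check text (assumption: unchanged in the
# current STIG release). -Revert reproduces step 5 (Undo Fix).
param([switch]$Revert)

$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog'

# Minimum MaxSize (KB) per log, as listed in the progress table above.
$Controls = @(
    @{ Id = 'WN11-AU-000500'; Log = 'Application'; MinSizeKB = 32768   },
    @{ Id = 'WN11-AU-000510'; Log = 'System';      MinSizeKB = 32768   },
    @{ Id = 'WN11-AU-000505'; Log = 'Security';    MinSizeKB = 1024000 }
)

function Get-LogMaxSize([string]$Log) {
    $key = Join-Path $Base $Log
    if (-not (Test-Path $key)) { return $null }   # policy key absent = unset
    return (Get-ItemProperty -Path $key -Name 'MaxSize' -ErrorAction SilentlyContinue).MaxSize
}

function Test-LogMaxSize([string]$Log, [int]$MinSizeKB) {
    # Step 2 / step 8 check: the STIG accepts the listed value or greater.
    $current = Get-LogMaxSize $Log
    return ($null -ne $current) -and ($current -ge $MinSizeKB)
}

function Set-LogMaxSize([string]$Log, [int]$SizeKB) {
    $key = Join-Path $Base $Log
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # REG_DWORD holding the size in KB, matching the STIG's expected value type.
    New-ItemProperty -Path $key -Name 'MaxSize' -Value $SizeKB -PropertyType DWord -Force | Out-Null
}

function Undo-LogMaxSize([string]$Log) {
    # Removing the policy value returns the log to its failing (unset) state.
    Remove-ItemProperty -Path (Join-Path $Base $Log) -Name 'MaxSize' -ErrorAction SilentlyContinue
}

foreach ($c in $Controls) {
    $before = if (Test-LogMaxSize $c.Log $c.MinSizeKB) { 'NotAFinding' } else { 'Open' }
    if ($Revert) { Undo-LogMaxSize $c.Log }
    elseif ($before -eq 'Open') { Set-LogMaxSize $c.Log $c.MinSizeKB }
    $after = if (Test-LogMaxSize $c.Log $c.MinSizeKB) { 'NotAFinding' } else { 'Open' }
    Write-Output ("{0}  {1,-11} before={2,-11} after={3}" -f $c.Id, $c.Log, $before, $after)
}
```

The before/after status per control is the evidence a rescan (steps 4, 6 and 8) should agree with; a mismatch between this output and the scanner result usually means the scanner is reading a different registry hive or value type than expected.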
STIG Categories
| Category | STIGs | Description |
|---|---|---|
| Audit & Logging | 1, 2, 3, 5 | Event log configuration and audit policies |
| Credential Security | 4 | Authentication and credential storage |
| Network Security | 6, 7, 8 | SMB, network sharing, and wireless settings |
| Data Protection | 9 | Encryption and indexing controls |
| Authentication | 10 | Sign-in and session management |
Skills Demonstrated
| Skill Area | Application |
|---|---|
| Vulnerability Management | Tenable scanning, finding analysis, prioritization |
| Compliance Automation | PowerShell scripting for repeatable remediation |
| Windows Security | Registry hardening, Group Policy, Event Logging |
| Cloud Infrastructure | Azure VM deployment, Bastion connectivity |
| Documentation | Technical writing, evidence collection, process documentation |
| DevOps Practices | Version control, infrastructure as code concepts |