Skip to content

Project case study

DISA STIG Remediation Project

PowerShell remediation scripts with screenshot validation for selected Windows 11 DISA STIG findings in a lab environment.

Role alignment

Security Analyst / Technical Compliance Analyst

Executive summary

PowerShell remediation scripts with screenshot validation for selected Windows 11 DISA STIG findings in a lab environment.

Hiring relevance

The STIG remediation work shows practical secure-configuration judgment: interpreting control requirements, translating them into repeatable PowerShell changes, and preserving validation evidence without overstating compliance.

Full technical write-up available

This portfolio page summarizes the project for hiring review. Use the Evidence Links section to read the full technical write-up and review the supporting project artifacts.

11

STIGS Remediated

Fail / Fix / Pass

Evidence States

PowerShell

Primary Automation

Problem

Selected Windows 11 DISA STIG findings required configuration changes and validation evidence showing failed, remediated, and passed states.

Environment / Tools

PowerShellDISA STIGCustom DISA STIG GPTWindows 11Windows Registryauditpolgpupdate

Approach

  1. 1Built one PowerShell remediation script per selected STIG ID.
  2. 2Used registry policy keys for Windows security configuration controls.
  3. 3Used auditpol for audit-policy remediation where the STIG control required audit settings.
  4. 4Included verification commands in scripts to confirm configured values.
  5. 5Organized evidence by STIG ID with failed, remediation, and passed screenshots where available.

Evidence

  • The repository README maps STIG IDs to matching scripts and screenshot evidence folders.
  • The indexed remediations include audit policy, event log sizing, lock-screen camera disablement, Group Policy reprocessing, HTTP printing disablement, wake-from-sleep password requirement, Microsoft consumer experience disablement, Game DVR disablement, Windows Installer elevated privilege disablement, and Kernel DMA Protection device enumeration policy.
  • Screenshot evidence is organized to show failed, remediation, and passed states for supported controls.
  • The repository notes that WN11-00-000210 remained unresolved and may require policy-level management through Intune.

STIG evidence workflow

  1. 1.Select Windows 11 DISA STIG finding
  2. 2.Map STIG ID to remediation script
  3. 3.Apply registry, auditpol, or policy-related change
  4. 4.Run verification command
  5. 5.Capture failed, remediation, and passed evidence where available
  6. 6.Document unresolved finding separately when local scripting is insufficient

Result

The project documents selected Windows 11 STIG remediations with script-based changes and validation evidence. The repository does not claim full STIG compliance or production deployment.

What I learned

  • Individual STIG findings can often be translated into discrete, testable remediation scripts.
  • Compliance evidence is stronger when remediation commands are paired with verification output and screenshots.
  • Some configuration findings may require policy-level enforcement instead of local scripting alone.