Project case study

DISA STIG Remediation Project

PowerShell remediation scripts and screenshot-based validation evidence for selected Windows 11 DISA STIG findings in a lab environment.

STIG Remediation Evidence

  • 11 STIGs remediated
  • Evidence states: Fail / Fix / Pass
  • Primary automation: PowerShell

Problem

Selected Windows 11 DISA STIG findings required configuration changes and validation evidence showing failed, remediated, and passed states.

Approach

  • Built one PowerShell remediation script per selected STIG ID.
  • Used registry policy keys for Windows security configuration controls.
  • Used auditpol for audit-policy remediation where the STIG control required audit settings.
  • Included verification commands in scripts to confirm configured values.
  • Organized evidence by STIG ID with failed, remediation, and passed screenshots where available.

Evidence

  • The repository README maps STIG IDs to matching scripts and screenshot evidence folders.
  • The indexed remediations include audit policy, event log sizing, lock-screen camera disablement, Group Policy reprocessing, HTTP printing disablement, wake-from-sleep password requirement, Microsoft consumer experience disablement, Game DVR disablement, Windows Installer elevated privilege disablement, and Kernel DMA Protection device enumeration policy.
  • Screenshot evidence is organized to show failed, remediation, and passed states for supported controls.
  • The repository notes that WN11-00-000210 remained unresolved and may require policy-level management through Intune.

Outcome

The project documents selected Windows 11 STIG remediations with script-based changes and validation evidence. The repository does not claim full STIG compliance or production deployment.

What I learned

  • Individual STIG findings can often be translated into discrete, testable remediation scripts.
  • Compliance evidence is stronger when remediation commands are paired with verification output and screenshots.
  • Some configuration findings may require policy-level enforcement instead of local scripting alone.