From dd8cd7a7d5d0ba4e98265fe9b4e20b051fd44b10 Mon Sep 17 00:00:00 2001
From: Long Lam <31355535+eemperor@users.noreply.github.com>
Date: Mon, 19 Aug 2024 10:23:23 -0400
Subject: [PATCH] Adds additional Windows 11 STIGs

---
 ash-windows/stig/Windows_11/init.sls | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ash-windows/stig/Windows_11/init.sls b/ash-windows/stig/Windows_11/init.sls
index 1ba4ad6..3d3309d 100644
--- a/ash-windows/stig/Windows_11/init.sls
+++ b/ash-windows/stig/Windows_11/init.sls
@@ -1 +1,9 @@
-#No additional stig requirements
+SV-253283r828933_rule - Data Execution Prevention (DEP) must be configured to at least OptOut:
+  cmd.run:
+    - name: BCDEDIT /set "{current}" nx OptOut
+    - shell: powershell
+
+SV-253285r828939_rule - The Windows PowerShell 2.0 feature must be disabled on the system:
+  cmd.run:
+    - name: Disable-WindowsOptionalFeature -Online -NoRestart -FeatureName MicrosoftWindowsPowerShellV2Root
+    - shell: powershell