df8e6841-1dd4-42ce-b374-28f997e12b6d
Attackers are constantly looking for vulnerabilities in systems and applications. Data Execution Prevention (DEP) prevents harmful code from running in protected memory locations reserved for Windows and other programs.
Configure DEP to at least OptOut.
Note: Suspend BitLocker before making changes to the DEP configuration via BCDEDIT
BCEDIT Method:
- Open a command prompt (cmd.exe) or PowerShell with elevated privileges (Run as administrator).
- Enter "BCDEDIT /set nx OptOut".
- "AlwaysOn", a more restrictive selection, is also valid but does not allow applications that do not function properly to be opted out of DEP.
System Properties Method:
STIG Desktop:
W10 https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-68845 / https://www.stigviewer.com/stig/windows_10/2021-03-10/finding/V-220726
W11 https://www.stigviewer.com/stig/microsoft_windows_11/2023-09-29/finding/V-253283
NIST 800-53: CM-7(2)
CSCv6: 8.4
NIST 800-171 Rev2: 3.4.7
NIST 800-171 Rev3 FPD: 3.4.8.b
NIST 800-171 Rev3: 03.04.08.b
CMMC v2.0 L2: CM.L2-3.4.7
CMMC V2.1 L2: CM.L2-3.4.7