STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft Windows 11 Security Technical Implementation Guide

V-253423

CAT II (Medium)

The convenience PIN for Windows 11 must be disabled.

Rule ID

SV-253423r958478_rule

STIG

Microsoft Windows 11 Security Technical Implementation Guide

Version

V2R7

CCIs

CCI-000381

Discussion

This policy controls whether a domain user can sign in using a convenience PIN to prevent enabling (Password Stuffer).

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\Windows\System

Value Name: AllowDomainPINLogon
Value Type: REG_DWORD
Value data: 0

Fix Text

Disable the convenience PIN sign-in. 

To correct this, configure the policy value for Computer Configuration >> Administrative Templates >> System >> Logon >> Set "Turn on convenience PIN sign-in" to "Disabled".