STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft Windows 10 Security Technical Implementation Guide

V-220870

CAT II (Medium)

The convenience PIN for Windows 10 must be disabled.

Rule ID

SV-220870r569187_rule

STIG

Microsoft Windows 10 Security Technical Implementation Guide

Version

V2R9

CCIs

CCI-000381

Discussion

This policy controls whether a domain user can sign in using a convenience PIN to prevent enabling (Password Stuffer).

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\Windows\System

Value Name: AllowDomainPINLogon
Value Type: REG_DWORD
Value data: 0

Fix Text

Disable the convenience PIN sign-in. 

If this needs to be corrected configure the policy value for Computer Configuration >> Administrative Templates >> System >> Logon >> Set "Turn on convenience PIN sign-in" to "Disabled”.