Domain Controller: System must be configured for certificate-based authentication for domain controllers

7b08353a-c241-4eb7-b1fd-872b7cf5528e

An Active Directory Domain Services elevation of privilege vulnerability could allow a user to gain rights on the system, such as administrative and other high-level capabilities.

Remediation

Configure the registry value.
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: SYSTEM\CurrentControlSet\Services\Kdc

Value Name: StrongCertificateBindingEnforcement

Value Type: REG_DWORD
Value: 0x00000001 (1) or 0x00000002 (2)
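
One way to audit this setting on a domain controller and, on request, set it. This is an added example, not part of the original check definition. The function name `Test-KdcStrongCertBinding` and its `-DesiredValue` and `-Remediate` parameters are assumptions made for illustration; the registry path, value name, type and accepted data are the ones listed above.

```powershell
# Added example: audit (and optionally set) the KDC strong certificate binding value.
# Function and parameter names are hypothetical; the registry path, value name,
# type and accepted data (1 or 2) come from the remediation steps above.
function Test-KdcStrongCertBinding {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Data written when -Remediate is used. Microsoft documents 1 as
        # Compatibility mode and 2 as Full Enforcement mode.
        [ValidateSet(1, 2)]
        [int]$DesiredValue = 2,
        [switch]$Remediate
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
    $name = 'StrongCertificateBindingEnforcement'

    # Stop if the key named in the check is absent rather than creating it.
    if (-not (Test-Path -Path $path)) {
        throw "Registry key $path not found."
    }

    # Read both the data and the value type: a REG_SZ "1" would not satisfy the check.
    $key     = Get-Item -Path $path
    $current = $key.GetValue($name, $null)
    $kind    = if ($null -ne $current) { $key.GetValueKind($name) } else { $null }
    $compliant = ($kind -eq 'DWord') -and ($current -in 1, 2)

    if (-not $compliant -and $Remediate -and
        $PSCmdlet.ShouldProcess("$path\$name", "Set REG_DWORD to $DesiredValue")) {
        New-ItemProperty -Path $path -Name $name -PropertyType DWord `
            -Value $DesiredValue -Force | Out-Null
        return Test-KdcStrongCertBinding   # re-read to confirm the write
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Value     = $current      # $null means the value is not set
        Kind      = $kind
        Compliant = $compliant
    }
}

# Read-only audit; add -Remediate (optionally with -WhatIf) to write the value.
Test-KdcStrongCertBinding
```

Run it from an elevated session on each domain controller; a missing value, a value of 0, or a non-DWORD type is reported as non-compliant.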

STIG: Server
2022: https://system32.eventsentry.com/stig/viewer/V-271426
2019: https://system32.eventsentry.com/stig/viewer/V-271428

NIST 800-53: CM-6, IA-3, IA-5, SC-8
NIST 800-171: 3.4.6, 3.5.2
CMMC v2.0 L2: CM.L2-3.4.6, IA.L2-3.5.2
PCI-DSS v4.0: 2.2.1, 8.2.1
HIPAA SR: §164.312(d), §164.312(a)(1)
HIPAA HICP: Practice 3 (Identity and Access Management)