1.6.2 Ensure 'Supported authentication schemes' is set to 'Enabled: digest, ntlm, negotiate'

Information

This setting specifies what HTTP authentication methods are supported.

The recommended setting is Enabled: digest, ntlm, negotiate.

Rationale:

Basic authentication is the least secure method of authenticating as it sends username and password information in un-encrypted form which should never be done for security reasons.

Impact:

Any sites that utilizes Basic Authentication will be impacted. Sites will need to be reconfigured to support a more secure form of authentication.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: digest, ntlm, negotiate'

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\HTTP authentication\Supported authentication schemes

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.

Default Value:

Enabled - The following schemes will be used: basic, digest, ntlm, and negotiate.

See Also

https://workbench.cisecurity.org/files/3907

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, CSCv7|16.5

Plugin: Windows

Control ID: d8b525c93c44f6d9ae3422272206e8f5cbf4c45e452d83e8d29cde62e12306cb