Detections
Analytics

1.187 WN19-DC-000401

Information

Windows Server 2019 must be configured for named-based strong mappings for certificates.

GROUP ID:V-271429
RULE ID:SV-271429r1059566

Weak mappings give rise to security vulnerabilities and demand hardening measures. Certificate names must be correctly mapped to the intended user account in Active Directory. A lack of strong name-based mappings allows certain weak certificate mappings, such as Issuer/Subject AltSecID and User Principal Names (UPN) mappings, to be treated as strong mappings.

Solution

Configure the policy value for

Computer Configuration >> Administrative Template >> System >> KDC >> Allow name-based strong mappings for certificates to 'Enabled'.

See Also

https://workbench.cisecurity.org/benchmarks/22176

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3

Plugin: Windows

Control ID: c0e3912efc8d94f6a54037e89d3db09e4473c0c34c23aeed531db7e5c1c1476e