Detections
Analytics

1.187 WN22-DC-000406

Information

Windows Server 2022 must be configured for name-based strong mappings for certificates.

GROUP ID: V-271427
RULE ID: SV-271427r1059560

Weak mappings give rise to security vulnerabilities and demand hardening measures. Certificate names must be correctly mapped to the intended user account in Active Directory. A lack of strong name-based mappings allows certain weak certificate mappings, such as Issuer/Subject AltSecID and User Principal Names (UPN) mappings, to be treated as strong mappings.

Solution

Configure the policy value for

Computer Configuration >> Administrative Template >> System >> KDC >> Allow name-based strong mappings for certificates to 'Enabled'

See Also

https://workbench.cisecurity.org/benchmarks/22357

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CAT|II, CCI|CCI-000213, Rule-ID|SV-271427r1059560_rule, STIG-ID|WN22-DC-000406, Vuln-ID|V-271427

Plugin: Windows

Control ID: c7d048f1d0955149366e21dc685c39af5131b710b38ba8a51be7ea918d372a26