Back

Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" to organizational standards.


CONTROL ID
07638
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards., CC ID: 07621

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Not Defined". (2F56EF7D-0613-47F4-AB88-060B0A534A52, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Not Defined". (3B89EABA-A593-4AB4-9DA6-E62124A4748A, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Disabled". (C2F80B35-E070-467B-BBB2-637FC737C666, Win8 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Disabled". (B1AB93A2-B202-4D0F-A9DA-C30EE2D94879, Win8 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Disabled". (F15014C5-1B96-4D2A-8885-E7671995D224, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Disabled". (49941F18-DD41-4294-AE33-1088DA3829D0, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Not Defined". (B595BC9C-54FD-4589-86BB-19E7FD3D2196, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Not Defined". (1FE4B91E-8C12-44CF-8394-D012F29080AE, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Not Defined". (CC50B9B6-984A-45DE-952C-09B58093D6C6, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Not Defined". (9BEAC604-39F8-4D6B-8638-18B17DA3F5A4, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Not Defined". (8FFECCE1-E48C-460A-A6B9-BD72396EDC62, WS2012 Member Server Security Compliance, 1.0)
  • Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" setting to "Not Defined". (BDDB900C-8726-4176-B7EA-C4672A43A0D8, WS2012 Member Server Security Compliance, 1.0)
  • (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' Description: This setting determines if online identities are able to authenticate to this computer. The Public Key Cryptography Based User-to-User (PKU2U) protocol intr… (2.3.11.3, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 1)
  • (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' Description: This setting determines if online identities are able to authenticate to this computer. The Public Key Cryptography Based User-to-User (PKU2U) protocol intr… (2.3.11.3, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 2)
  • Title: Configure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides w… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.46_Configure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.46.1_, The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides w… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.46_Configure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.46.2_, The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides w… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.46_Configure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.46.1_, The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides w… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.46_Configure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.46.2_, The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0)
  • Title: Set 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' to 'Disabled' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate d… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.12_Set_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.12.1_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Set 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' to 'Disabled' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate d… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.12_Set_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.12.2_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Set 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' to 'Disabled' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate d… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.12_Set_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.12.1_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Set 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' to 'Disabled' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate d… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.12_Set_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.12.2_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Set 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' to 'Disabled' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate d… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.27_Set_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.27.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Set 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' to 'Disabled' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate d… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.27_Set_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.27.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides w… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.25_Configure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.25.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Member Server Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides w… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.25_Configure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.25.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Member Server Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides w… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.1_Configure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.1.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides w… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.1_Configure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.1.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides w… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.1_Configure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.1.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' Description: Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides w… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.1_Configure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.1.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • The 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' setting should be configured correctly. Technical Mechanisms: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Allow PKU2U authen… (CCE-10839-9, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)