Back

Configure the "Maximum lifetime for user ticket renewal" to organizational standards.


CONTROL ID
08257
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards., CC ID: 07621

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Configure the "Maximum lifetime for user ticket renewal" setting to "Not Defined". (7A6487FB-FDFB-4E06-A72C-2E39809C9D7F, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "Maximum lifetime for user ticket renewal" setting to "Not Defined". (251C6A58-A181-4736-8B24-F32573E4D22B, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "Maximum lifetime for user ticket renewal" setting to "Not Defined". (6917DDBE-DAC2-42CA-8E28-F37A60FE73C2, WS2008SP2 Domain Controller Security Compliance, 1.0)
  • The "Maximum User Renewal Lifetime" policy should be set correctly. Technical Mechanisms: Parameters: (1) number of days References: CCE-33 Kerberos - User Ticket Renewal Lifetime (DC Requirements (CCE-4684-7, Common Configuration Enumeration List, Combined XML: Windows 2000, 5.20130214)
  • The "Maximum User Renewal Lifetime" policy should be set correctly. Technical Mechanisms: (1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum lifetime for user ticket renewal Parameters: (1) Number of days References: CCE-33 (CCE-7606-7, Common Configuration Enumeration List, Combined XML: Windows Server 2003, 5.20130214)
  • The maximum lifetime for Kerberos user ticket renewal should be set appropriately. Technical Mechanisms: (1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum lifetime for user ticket renewal Parameters: (1) Number of days References: (CCE-8000-2, Common Configuration Enumeration List, Combined XML: Windows Server 2008, 5.20130214)