| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AE3557015A08DB12E5597F43A4E5F8B4B58E08CE ~~~~~ 'Support device authentication using certificate' is Not Configured in group policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters Value Name: DevicePKInitEnabled (Not found) Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AE3557015A08DB12E5597F43A4E5F8B4B58E08CE ~~~~~ 'Support device authentication using certificate' is Not Configured in group policy which is acceptable per the STIG. Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters Value Name: DevicePKInitEnabled (Not found) Comments |
|||||
Check Text
This requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. The default behavior for "Support device authentication using certificate" is "Automatic". If the registry value name below does not exist, this is not a finding. If it exists and is configured with a value of "1", this is not a finding. If it exists and is configured with a value of "0", this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: DevicePKInitEnabled Value Type: REG_DWORD Value: 1 (or if the Value Name does not exist)
Fix Text
This requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. The default behavior for "Support device authentication using certificate" is "Automatic". If this needs to be corrected, configure the policy value for Computer Configuration >> Administrative Templates >> System >> Kerberos >> "Support device authentication using certificate" to "Not Configured or "Enabled" with either option selected in "Device authentication behavior using certificate:".