CUI

USNS MONTFORD POINT - Findings

Back to Ship Export CSV Download POA&M

Showing 4 of 4 findings (filtered) View Documentation Status (90 tracked)

Vuln ID	Severity	Asset	STIG	Title	Status	Doc Status	Assigned To	Actions
V-220936	CAT II	MONT-WS-92040	Microsoft Windows 10 Security Technical ...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Finding Details Evaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: FA8A28E5C7305C47B185A011067CD50419C4016B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled: (AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: _Reviewed/MONT-WS-92040/Checklist/MONT-WS-92040_Win10_V3R4_20251023-142421.ckl Scan Date: 2026-01-14T12:57:26.690022 Technology Area: Windows Operating System
V-220936	CAT II	MONT-WS-92010	Microsoft Windows 10 Security Technical ...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Finding Details Evaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: FA8A28E5C7305C47B185A011067CD50419C4016B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled: (AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: _Reviewed/MONT-WS-92010/Checklist/MONT-WS-92010_Win10_V3R4_20251023-141133.ckl Scan Date: 2026-01-14T12:57:28.689048 Technology Area: Windows Operating System
V-220936	CAT II	MONT-SW-89108	Microsoft Windows 10 Security Technical ...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Finding Details Evaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: FA8A28E5C7305C47B185A011067CD50419C4016B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled: (AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: MONT-SW-89108_Win10_V3R5_20251217-203019.ckl Scan Date: 2026-03-04T15:25:16.342077 Technology Area: Windows Operating System
V-220936	CAT II	MONT-SW-89134	Microsoft Windows 10 Security Technical ...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Finding Details Evaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: FA8A28E5C7305C47B185A011067CD50419C4016B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled: (AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: MONT-SW-89134_Win10_V3R5_20251217-201218.ckl Scan Date: 2026-03-04T15:25:42.339596 Technology Area: Windows Operating System

CUI