CUI

USNS MONTFORD POINT - Findings

Back to Ship Export CSV Download POA&M

Showing 8 of 8 findings (filtered) View Documentation Status (90 tracked)

Vuln ID	Severity	Asset	STIG	Title	Status	Doc Status	Assigned To	Actions
V-225052	CAT II	MONT-VSF-004	Microsoft Windows Server 2016 Security T...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Note: Organizations with domain controllers running earlier versions of Windows where RC4 encryption is enabled, selecting "The other domain supports Kerberos AES Encryption" on domain trusts, may be required to allow client communication across the trust relationship. Finding Details Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EB2E1C21CBD2C88EBB89CDF510B713F7A18E062B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled with 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types' Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_WinServer2016_V2R10_20251023-143909.ckl Scan Date: 2026-01-14T12:57:30.046447 Technology Area: Windows Operating System
V-225052	CAT II	MONT-VSF-003	Microsoft Windows Server 2016 Security T...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Note: Organizations with domain controllers running earlier versions of Windows where RC4 encryption is enabled, selecting "The other domain supports Kerberos AES Encryption" on domain trusts, may be required to allow client communication across the trust relationship. Finding Details Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EB2E1C21CBD2C88EBB89CDF510B713F7A18E062B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled with 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types' Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_WinServer2016_V2R10_20251023-143935.ckl Scan Date: 2026-01-14T12:57:31.534241 Technology Area: Windows Operating System
V-225052	CAT II	MONT-MB-002	Microsoft Windows Server 2016 Security T...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Note: Organizations with domain controllers running earlier versions of Windows where RC4 encryption is enabled, selecting "The other domain supports Kerberos AES Encryption" on domain trusts, may be required to allow client communication across the trust relationship. Finding Details Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EB2E1C21CBD2C88EBB89CDF510B713F7A18E062B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled with 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types' Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_WinServer2016_V2R10_20251023-152736.ckl Scan Date: 2026-01-14T12:57:33.842838 Technology Area: Windows Operating System
V-225052	CAT II	MONT-DP-001	Microsoft Windows Server 2016 Security T...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Note: Organizations with domain controllers running earlier versions of Windows where RC4 encryption is enabled, selecting "The other domain supports Kerberos AES Encryption" on domain trusts, may be required to allow client communication across the trust relationship. Finding Details Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EB2E1C21CBD2C88EBB89CDF510B713F7A18E062B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled with 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types' Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_WinServer2016_V2R10_20251023-144106.ckl Scan Date: 2026-01-14T12:57:35.637816 Technology Area: Windows Operating System
V-225052	CAT II	MONT-DC-003	Microsoft Windows Server 2016 Security T...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Note: Organizations with domain controllers running earlier versions of Windows where RC4 encryption is enabled, selecting "The other domain supports Kerberos AES Encryption" on domain trusts, may be required to allow client communication across the trust relationship. Finding Details Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EB2E1C21CBD2C88EBB89CDF510B713F7A18E062B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled with 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types' Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServer2016_V2R10_20251023-172220.ckl Scan Date: 2026-01-14T12:57:37.248886 Technology Area: Windows Operating System
V-225052	CAT II	MONT-DB-002	Microsoft Windows Server 2016 Security T...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Note: Organizations with domain controllers running earlier versions of Windows where RC4 encryption is enabled, selecting "The other domain supports Kerberos AES Encryption" on domain trusts, may be required to allow client communication across the trust relationship. Finding Details Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EB2E1C21CBD2C88EBB89CDF510B713F7A18E062B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled with 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types' Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_WinServer2016_V2R10_20251023-144132.ckl Scan Date: 2026-01-14T12:57:39.082634 Technology Area: Windows Operating System
V-225052	CAT II	MONT-BE-002	Microsoft Windows Server 2016 Security T...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Note: Organizations with domain controllers running earlier versions of Windows where RC4 encryption is enabled, selecting "The other domain supports Kerberos AES Encryption" on domain trusts, may be required to allow client communication across the trust relationship. Finding Details Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EB2E1C21CBD2C88EBB89CDF510B713F7A18E062B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled with 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types' Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_WinServer2016_V2R10_20251023-143943.ckl Scan Date: 2026-01-14T12:57:41.363810 Technology Area: Windows Operating System
V-225052	CAT II	MONT-AP-002	Microsoft Windows Server 2016 Security T...	Kerberos encryption types must be configured to pr...		-
Check Text If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value Type: REG_DWORD Value: 0x7ffffff8 (2147483640) Fix Text Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected: AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future encryption types Note: Organizations with domain controllers running earlier versions of Windows where RC4 encryption is enabled, selecting "The other domain supports Kerberos AES Encryption" on domain trusts, may be required to allow client communication across the trust relationship. Finding Details Evaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EB2E1C21CBD2C88EBB89CDF510B713F7A18E062B ~~~~~ 'Network security: Configure encryption types allowed for Kerberos' is Enabled with 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types' Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: SupportedEncryptionTypes Value: 0x7ffffff8 (2147483640) Type: REG_DWORD Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_WinServer2016_V2R10_20251023-144214.ckl Scan Date: 2026-01-14T12:57:42.721079 Technology Area: Windows Operating System

CUI