Vulnerability V-220818

This requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. The default behavior for "Support device authentication using certificate" is "Automatic". If the registry value name below does not exist, this is not a finding. If it exists and is configured with a value of "1", this is not a finding. If it exists and is configured with a value of "0", this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ Value Name: DevicePKInitEnabled Value Type: REG_DWORD Value: 1 (or if the Value Name does not exist)

This requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. The default behavior for "Support device authentication using certificate" is "Automatic". If this needs to be corrected, configure the policy value for Computer Configuration >> Administrative Templates >> System >> Kerberos >> "Support device authentication using certificate" to "Not Configured or "Enabled" with either option selected in "Device authentication behavior using certificate:".