An error occurred:

Check: WN11-SO-000060

Microsoft Windows 11 STIG: WN11-SO-000060 (in versions v1 r6 through v1 r1)

Title

The system must be configured to require a strong session key. (Cat II impact)

Discussion

A computer connecting to a domain controller will establish a secure channel. Requiring strong session keys enforces 128-bit encryption between systems.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\ Value Name: RequireStrongKey Value Type: REG_DWORD Value: 1 Warning: This setting may prevent a system from being joined to a domain if not configured consistently between systems.

Fix Text

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Domain member: Require strong (Windows 2000 or Later) session key" to "Enabled".

Additional Identifiers

Rule ID: SV-253443r916422_rule

Vulnerability ID: V-253443

Group Title: SRG-OS-000423-GPOS-00187

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002388

The organization defines a list of monitoring tools to be employed to detect indicators of denial of service attacks against the information system.
CCI-002418

The information system protects the confidentiality and/or integrity of transmitted information.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-5 (3)

Detection / Monitoring
SC-8

Transmission Confidentiality And Integrity