Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-235761 | EDGE-00-000048 | SV-235761r879588_rule | Medium |
Description |
---|
This setting specifies which HTTP authentication schemes are supported. The policy can be configured by using these values: "basic", "digest", "ntlm", and "negotiate". Separate multiple values with commas. If this policy is not configured, all four schemes are used. |
STIG | Date |
---|---|
Microsoft Edge Security Technical Implementation Guide | 2024-02-13 |
Check Text ( C-38980r766864_chk ) |
---|
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/HTTP authentication/Supported authentication schemes" must be set to "ntlm,negotiate". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "AuthSchemes" is not set to "REG_SZ = ntlm,negotiate", this is a finding. |
Fix Text (F-38943r626480_fix) |
---|
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/HTTP authentication/Supported authentication schemes" to "ntlm,negotiate". |