707d1ae2-c6f2-46af-966d-d3559db69094
The server message block (SMB) protocol provides the basis for many network operations. Digitally signed SMB packets aid in preventing man-in-the-middle attacks. If this policy is enabled, the SMB server will only communicate with an SMB client that performs SMB packet signing
To fix this configure the policy value for:
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ Security Options
|_ Microsoft network server: Digitally sign communications (always) to "Enabled".
STIG: Server 2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2022-03-01/finding/V-205827
Server 2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2022-03-01/finding/V-225042
More information on this option: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always
NIST 800-53: SC-12(2),SC-12(3),SC-13
NIST 800-171 Rev2: 3.13.11
NIST 800-171A: 3.8.6, 3.13.11
CMMC v2.0 Mapping v1.02: SC.3.177
CMMC V2.0 Level 2: SC.L2-3.13.11
CMMC v2.0 Level 3: SC.L2-3.13.11, TBD - 3.14.1e
CSA CMM v4: CEK-01, CEK-02, CEK-03, CEK-04, DSP-10, LOG-10, LOG-11
PCI DSS 3.2: 2.2.3, 4.1
PCI DSS 4.0: 3.3.2, 8.3.2, 12.3.3
SIG: D.7.5.1
STIG: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188
NOTE: Modifying this setting may affect compatibility with clients that does not support SMBv2, like old OS Windows XP or outdated windows 7