
Ensure Windows Authentication uses Kerberos and not the NT LAN Manager (NTLM) authentication protocol

Details

If Windows Authentication mechanisms are used on SharePoint, the system should be configured to use the Kerberos authentication protocol rather than the NT LAN Manager (NTLM) equivalent.

Rationale:

Kerberos is preferred over NTLM authentication for several reasons. First, Kerberos offers faster authentication because, unlike NTLM, it does not require multiple servers and components to complete authentication tasks. Second, Kerberos offers mutual authentication: it can authenticate the client to the server and, importantly, the server to the client.

Solution

1. Launch Central Administration.
2. Click Application Management, then Manage web applications.
3. In Authentication Providers, click each available zone.
4. In the Authentication Providers – Zone popup, check Integrated Windows authentication and select Negotiate (Kerberos).
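
To check the same setting across every web application and zone without clicking through each one, the following read-only audit can be run from the SharePoint 2016 Management Shell. It is an added example, not part of the CIS benchmark text, and it assumes a farm administrator account and that the Windows authentication provider object exposes the `UseWindowsIntegratedAuthentication` and `DisableKerberos` properties.

```powershell
# Added example: read-only audit; it changes nothing on the farm.
# Assumes the SharePoint 2016 Management Shell and farm administrator rights.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$findings = foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
    # IisSettings holds one entry per zone the web application is extended into.
    foreach ($zone in @($wa.IisSettings.Keys)) {
        # Claims-mode web applications: read the Windows authentication provider.
        $src = Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [Microsoft.SharePoint.Administration.SPWindowsAuthenticationProvider] } |
            Select-Object -First 1

        # Classic-mode web applications: fall back to the zone's IIS settings.
        if (-not $src) { $src = $wa.IisSettings[$zone] }

        $result = if (-not $src.UseWindowsIntegratedAuthentication) {
            'N/A: Integrated Windows authentication not enabled'
        } elseif ($src.DisableKerberos) {
            'FAIL: NTLM'
        } else {
            'PASS: Negotiate (Kerberos)'
        }

        [pscustomobject]@{
            WebApplication = $wa.Url
            Zone           = $zone
            Result         = $result
        }
    }
}

$findings | Format-Table -AutoSize

$failed = @($findings | Where-Object { $_.Result -like 'FAIL*' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) zone(s) are configured for NTLM instead of Negotiate (Kerberos)."
}
```

A PASS confirms only the configured setting: Negotiate falls back to NTLM when the web application's service principal names are missing or wrong, so the actual protocol in use should also be confirmed in the logon events on the server.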

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Windows.


Updated on July 16, 2022