SMB Signing not required (Windows) Vulnerability
Written by Luke Peach
Updated over a week ago

When a vulnerability scanner detects that SMB signing is not required, it reports the finding with a CVSSv3.0 score of 5.3.

CVSS is an industry-standard scoring system for vulnerabilities that rates each finding with a number ranging from 0 to 10. They are shown as:

Signing is not required on the remote SMB server. Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'.

  • If you are a system admin, log in to the Windows Server with admin rights and, at the Run prompt, type gpedit.msc to open Local Group Policy.

  • Browse to this Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

  • Click on 'Microsoft network server: Digitally sign communications (always)'. By default, this setting is usually disabled. Double-click it and change it to Enabled.

  • If you are not a system admin, then you need to share these details with your system administrator so that they can create a domain-level policy for all the affected servers.
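
The same check and change from an elevated PowerShell session, as an added example that is not part of the original article. It reads the server-side signing requirement through Get-SmbServerConfiguration and the RequireSecuritySignature registry value that backs the policy setting, and changes it only when run with -Enforce, a switch defined by this script.

```powershell
# Added example: audit, and optionally enforce, SMB server signing on one Windows host.
# -Enforce is this script's own switch; without it the script only reports.
param(
    [switch]$Enforce
)

# Registry value behind 'Microsoft network server: Digitally sign communications (always)'
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbSigningState {
    $reg = Get-ItemProperty -Path $regPath -Name RequireSecuritySignature -ErrorAction SilentlyContinue
    $cfg = Get-SmbServerConfiguration
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        # $null means the value is absent, which Windows treats as "not required"
        RegistryValue  = if ($null -ne $reg) { $reg.RequireSecuritySignature } else { $null }
        RequireSigning = [bool]$cfg.RequireSecuritySignature
    }
}

$before = Get-SmbSigningState
$before | Format-List

if ($before.RequireSigning) {
    Write-Output "$($before.ComputerName): SMB signing is already required."
    return
}

Write-Warning "$($before.ComputerName): SMB signing is not required; the scanner finding applies."
if (-not $Enforce) {
    Write-Output 'Re-run with -Enforce to require signing on this server.'
    return
}

# Equivalent to setting the policy to Enabled in gpedit.msc
Set-SmbServerConfiguration -RequireSecuritySignature $true -Force

# Re-read the setting so the change is verified rather than assumed
$after = Get-SmbSigningState
if ($after.RequireSigning) {
    Write-Output "$($after.ComputerName): SMB signing is now required."
} else {
    Write-Error "$($after.ComputerName): setting did not apply; check for an overriding domain policy."
}
```

A domain Group Policy that configures this option overrides the local value at the next policy refresh, so on domain-joined servers treat the script as an audit and make the change in the domain policy.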
