"user" CIFS mounts not supported; violates STIG with setuid root

As far as I can see, and I'm open to the notion I'm taking the wrong approach, for a user to mount a Windows file share, as in "mount /mnt/data" as defined in /etc/fstab: //WinServer/FileShare /mnt/data -t cifs -o noauto,user,sec=krb5,nounix,noserverino 0 0 (or -o _netdev,user,...), the setuid bit must be set on /usr/sbin/mount.cifs.
It appears to be well-known that mount.cifs must be run with sudo elevation (https://bugzilla.redhat.com/show_bug.cgi?id=1190505).

If I configure my user (in sudoers.d) to run sudo mount /mnt/data, then Kerberos authentication takes a joyride and the required key (is) not available.

If I setuid on mount.cifs, the mount works wonderfully well, except the DISA or another STIG scan raises a compliance issue.

Any thoughts on how to remedy?
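
An added example, not part of the original post: a shell check for the combination the post describes, a cifs entry in /etc/fstab carrying the user option together with a setuid mount helper. It assumes standard six-field fstab lines; the function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post). Assumes standard six-field fstab lines:
# device, mount point, type, options, dump, pass.

# Print the mount point of each cifs entry that carries the user/users option.
cifs_user_mounts() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        $3 == "cifs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "user" || opt[i] == "users") { print $2; break }
        }
    ' "$1"
}

# True when the mount helper exists and has the setuid bit set.
helper_is_setuid() { [ -u "$1" ]; }

# Return 1 (finding) when user cifs mounts and a setuid helper coexist.
audit() {   # $1 = fstab path, $2 = mount.cifs path
    mounts=$(cifs_user_mounts "$1" | tr '\n' ' ')
    if [ -n "$mounts" ] && helper_is_setuid "$2"; then
        echo "FINDING: $2 is setuid; user cifs mounts rely on it: $mounts"
        return 1
    fi
    echo "OK: no setuid helper paired with user cifs mounts"
}

# Constructed sample: the post's share rewritten in six-field form.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample fstab
//WinServer/FileShare /mnt/data cifs noauto,user,sec=krb5,nounix,noserverino 0 0
//WinServer/Other     /mnt/other cifs noauto,sec=krb5 0 0
EOF
    audit "$f" /usr/sbin/mount.cifs || true
    rm -f "$f"
}
demo
```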
