The ability of Lync to store user passwords must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-70901	DTOO420	SV-85525r1_rule		Medium

Description
Skype for Business 2016 provides a single, unified client for real-time communications, including voice and video calls, Lync Meetings, presence, instant messaging, and persistent chat. These features require the ability to log into the service with a username and password. The Lync client could potentially be configured to store user passwords locally which would allow it to be susceptible to compromise and to be used maliciously.

Description

Skype for Business 2016 provides a single, unified client for real-time communications, including voice and video calls, Lync Meetings, presence, instant messaging, and persistent chat. These features require the ability to log into the service with a username and password. The Lync client could potentially be configured to store user passwords locally which would allow it to be susceptible to compromise and to be used maliciously.

STIG	Date
Microsoft Skype for Business 2016 STIG	2016-12-21

Details

Check Text ( None )
None

Fix Text (F-45760r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Skype for Business 2016 -> Microsoft Lync Feature Policies "Allow storage of user passwords" to "Disabled".