The application must support organizational requirements to enforce password encryption for storage.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36412 | SRG-APP-171-NA | SV-47816r1_rule | Medium |
| Description |
|---|
| Applications must enforce password encryption when storing passwords. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read and easily compromised. Rationale for non-applicability: The MDM server must use the Enterprise Authentication Mechanism for administrator accounts. |
| STIG | Date |
|---|---|
| Mobile Device Manager Security Requirements Guide | 2013-01-24 |
Details
| Check Text ( C-44654r1_chk ) |
|---|
| This requirement is NA for the MDM server SRG. |
| Fix Text (F-40944r1_fix) |
|---|
| The requirement is NA. No fix is required. |