UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Unencrypted remote access to system services must not be permitted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2908 WN08-00-000007 SV-48066r1_rule ECCT-1 ECCT-2 High
Description
Unencrypted access to system services may permit an intruder to intercept user identification and passwords that are being transmitted in clear text. This could give an intruder unlimited access to the network.
STIG Date
Windows 8 Security Technical Implementation Guide 2014-01-07

Details

Check Text ( C-44805r1_chk )
Interview the IAO to ensure that encryption of userid and password information is required, and data is encrypted according to DoD policy.

If the user account used for unencrypted remote access within the enclave (premise router) has administrator privileges, this is a finding.

If userid and password information used for remote access to system services from outside the enclave is not encrypted, this is a finding.
Fix Text (F-41204r1_fix)
Ensure the following are met during remote access:
Encrypt userid and password information.
Encrypt user data coming from or going outside the network firewall. (Encrypting user data within the firewall is also highly recommended.)
Encrypt administrator data.